Page MenuHomeFreeBSD

openssl: Remove fips module from base system.
ClosedPublic

Authored by gordon on Aug 4 2024, 9:31 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 20, 3:58 AM
Unknown Object (File)
Mon, Nov 18, 1:31 PM
Unknown Object (File)
Sat, Nov 9, 6:23 AM
Unknown Object (File)
Tue, Nov 5, 4:11 AM
Unknown Object (File)
Oct 30 2024, 4:10 PM
Unknown Object (File)
Oct 3 2024, 2:45 AM
Unknown Object (File)
Oct 3 2024, 2:39 AM
Unknown Object (File)
Sep 17 2024, 7:49 PM
Subscribers

Details

Summary

To comply with FIPS 140 guidance, you must be using a specifically
validated and approved version of the fips module. Currently, only
OpenSSL 3.0.8 and 3.0.9 have been approved by NIST for FIPS 140
validation. As such, we need to stop shipping later versions of the
module in the base system.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

gordon requested review of this revision.Aug 4 2024, 9:31 PM

Not sure who else to get this reviewed by, but we should stop shipping fips.so.

This revision was not accepted when it landed; it landed in state Needs Review.Aug 31 2024, 4:28 PM
This revision was automatically updated to reflect the committed changes.

Thank you for doing this!