Is strongSwan FIPS compliant on Rocky Linux? #2253
That just enforces FIPS-mode for the openssl plugin or rather OpenSSL's libcrypto library. Which is a prerequisite for FIPS-compliance I'd assume. That's platform-independent but doesn't affect strongSwan in any other way.
As I wrote there, disabling the default crypto plugins in strongSwan 5.9.6+ and enabling one that links a FIPS-certified crypto library (e.g. openssl) prevents strongSwan from doing any crypto operations itself, which should simplify FIPS certification. You can disable all the default plugins and options via |
-
Hi,
We are planning to use strongSwan to set up the IPSec tunnels in our project. The OS we are using is Rocky Linux. And we are looking into the FIPS compliance of strongSwan on Rocky but we didn't find much documentation for it.
StrongSwan is FIPS certified on Ubuntu from this NIST page. But for Rocky Linux, based on CIQ Rocky FIPS, strongSwan is not included as a FIPS certified package. But in the meanwhile, the kernel and OpenSSL that we are using are FIPS certified.
So now we wonder if strongSwan is still FIPS compliant on Rocky. We have a couple of questions on this:
Thanks in advance!