Feature #16525: Add option to enable openssl FIPS compliance - pfSense - pfSense bugtracker

Actions

Copy link

Feature #16525

closed

Add option to enable openssl FIPS compliance

Added by Craig Coonrad 2 days ago. Updated 1 day ago.

Status:

Rejected

Priority:

Normal

Assignee:

Category:

Operating System

Target version:

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Default

Description

If possible, would be nice to add a menu option to enable FIPS in openssl.
This can often be a requirement for pfSense users being audited for security compliance.

Making all applications use the FIPS module by default
https://docs.openssl.org/master/man7/fips_module/#making-all-applications-use-the-fips-module-by-default

Actions

Copy link

Updated by Craig Coonrad 2 days ago

Tracker changed from Bug to Feature
Affected Architecture deleted (~~All~~)

Actions

Copy link

Updated by Jim Pingle 1 day ago

Status changed from New to Rejected

It isn't that easy, real FIPS compliance means the entire system must be re-tested and certified for every build (at great expense), just allowing the module to be used isn't of any use for compliance.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Feature #16525

Add option to enable openssl FIPS compliance

Updated by Craig Coonrad 2 days ago

Updated by Jim Pingle 1 day ago