[openssl-users] Enforcing FIPS via Cipher Suites Declaration

Thomas Francis, Jr. thomas.francis.jr at pobox.com
Thu Feb 4 16:34:51 UTC 2016 

> On Feb 4, 2016, at 10:13 AM, Lesley Kimmel <lesley.j.kimmel at gmail.com> wrote:
> 
> All;
> 
> I'm working with PosgreSQL in a DoD environment and am supposed to enforce FIPS operation. PostgreSQL doesn't perform a call to FIP_mode_set() but does provide a configuration item 'ssl_ciphers'. Is there more to FIPS_mode than I am aware of or would it be functionally equivalent to simply set my ciphers to something like 'FIPS:!aNULL:!eNULL’?

Yes, there is more to it.  From a technical standpoint, several “power-on self-tests” are supposed to be run in order for FIPS mode to be enabled.  While my own experience is the DoD’s auditors are a lot looser with the rules than most, other people report the opposite, and even the looser ones I’ve been in contact with would never allow what you’re suggesting.  You really need to be modifying PostgreSQL to invoke FIPS_mode_set(), and understand that there may be more to it than that.  I haven’t looked in a long time, but there are conceivably runtime issues if you just add that single call.

Also, depending on the auditor, you’d probably need to modify PostgreSQL’s documentation, too, so that it cannot in any way refer to non-approved algorithms as cryptography (except as allowed by relevant NIST publications, but I think SHA-1 is the only special case).  That could be tricky, and it’s up to the you to prove it’s OK, and then to remove the references anyway if the auditor still doesn’t like it. :)

> As a semi-related question, would a non-FIPS OpenSSL installation still enforce the same cipher suites but just not be 'officially' validated?

AFAIK, you could limit it to the appropriate cipher suites, but be aware that FIPS 140 is all about proving that only certain known and tested [implementations of] algorithms are used.  It’s unlikely that another version of OpenSSL would use exactly the same implementations (after all, fixes and performance enhancements have been added), and there’d still be nothing to prove those are the approved algorithms, even if they were the exact same.  So I can’t imagine any auditor approving such a setup.

OpenSSL doesn’t provide a cheap, easy answer to the issues surrounding FIPS 140 compliance, but it does significantly reduce the cost of effort for those producing software.  For those who rely on third-party software, it still helps, but it’s usually going to be a lot more effort than just “add the OpenSSL FIPS module” to the system. :)

TOM

> Thanks!
> -LJK
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list