Stack Overflow
Stack Overflow

Questions tagged [fips]

The term "fips" commonly refers to the Federal Information Processing Standards Publication 140 (FIPS 140), a document published by the National Institute of Standards and Technology (NIST), a U.S. government agency. Cryptographic software and hardware that complies with the standard must use only cryptographic algorithms specified in FIPS 140-2, the latest published revision.

The term FIPS is sometimes used to refer to a specific publication, Security Requirements for Cryptographic Modules FIPS 140. Cryptographic software and hardware that complies with the standard must use only cryptographic algorithms specified in FIPS 140-2, the latest published revision.

However, FIPS 140-2 is one of many publications that describes information technology standards for use by U.S. Government Agencies.

Further information can be found at the FIPS Home Page

432 questions
7
votes
1 answer

TLS handshake fails between a Java 1.8 client and a Java 1.7 TLS 1.1 server running in FIPS mode, even after disabling TLS 1.2 in the client side

The SSL / TLS handshake between a "Java 1.7 TLS 1.1 server" and a "Java 1.8 client" fails in my environment with the following exception on the server side: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for…
Sanjay Bhat
  • 171
  • 1
  • 1
  • 9
6
votes
2 answers

How can I check whether my golang app uses boringcrypto instead of the native golang crypto?

Context: I was reading multiple articles about making my golang app FIPS compliant (in other words, making my app use boringcrypto instead of the native golang…
Kostya Linou
  • 113
  • 7
6
votes
2 answers

Is Nginx open source FIPS compliant?

I am investigating FIPS compliance for our platform. nginx is one of the components and we use nginx 1.15.1. I found the documentation about nginx plus being FIPS compliant. When NGINX Plus is executed on an operating system where a FIPS‑validated…
Manoj Guglani
  • 134
  • 1
  • 11
6
votes
2 answers

Detecting if FIPS is being enforced via .NET C#

Is there a way to determine from the .NET framework whether or not the FIPS policy is being enforced on the windows computer?
Chris
  • 733
  • 1
  • 5
  • 19
6
votes
3 answers

How do you use FIPS validated cryptographic algorithms with Visual Studio 2010 and Windows 7?

I've enabled FIPS compliance mode in Windows 7, but now my code fails to compile with the following error: Source file 'whatever.cs' could not be opened ('This implementation is not part of the Windows Platform FIPS validated cryptographic…
ScArcher2
  • 85,501
  • 44
  • 121
  • 160
6
votes
0 answers

How do I enable FIPS mode in Nginx?

I am hoping to get some guidance on enabling openssl fips mode for nginx. So far I followed the openssl guide for enabling fips mode on the openssl. That part works well: # /usr/local/openssl/bin/openssl md5 /usr/local/openssl/bin/openssl Error…
BBDG
  • 365
  • 4
  • 11
6
votes
1 answer

Make a Android application use FIPS 140-2 valiated cryptography

I have client who wants our application to use FIPS 140-2 validated cryptography. The app uses Okhttp and does some HTTPS requests. AFAIK Android uses OpenSSL C library and uses java wrapper javax/net/ssl. Questions: How to make android Application…
NitZRobotKoder
  • 1,046
  • 8
  • 44
  • 74
6
votes
2 answers

MSMQ. Keep message body encrypted while it is stored on drive

My project require to keep all data encrypted, so MSMQ needs to be encrypted too. But as it is known from the article (https://msdn.microsoft.com/en-us/library/ms704178(v=vs.85).aspx ) messages from private queues are stored by default in …
Viktor Fursov
  • 123
  • 1
  • 8
6
votes
2 answers

How can I ensure that curl uses openssl, and not nss?

Is it possible to ensure by a configuration parameter, that curl uses OpenSSL, and not NSS to retrieve https content? I need to ensure this, in order to enforce compliance with FIPS140-2, which RHEL6.2 has certified? I think that answer is "no". So…
Dustin Kirkland
  • 5,323
  • 3
  • 36
  • 34
6
votes
1 answer

OpenSSL with FIPS cross compiling for iOS armv7

I cross compiled the FIPS for armv7 using the instructions from http://opensslfoundation.com/testing/validation-2.0/platforms/ios/ I am having difficulties cross compiling openssl dependency on fips. I am getting following error in…
Vinay
  • 149
  • 1
  • 9
6
votes
3 answers

Why MD5 is required for JCE initialization

I am experimenting on enabling FIPS 180-3 on my java application. FIPS 180-3 allows only usage of 5 secure [hashes] (http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf) , MD5 is not one among them. Hence i am trying to…
Atul Soman
  • 4,612
  • 4
  • 30
  • 45
5
votes
1 answer

How to programmatically check if FIPS is enabled on JVM

After Java 12, internal package com.sun.net.ssl is removed. Is there any way that allow me to programmatically check if FIPS is enabled on JVM?
user1684651
  • 390
  • 1
  • 8
  • 21
5
votes
1 answer

OpenSSL FIPS_mode_set not working in Python cryptography library

According to Python Cryptography library's documentation [1], it is possible to build a custom cryptography wheel with OpenSSL statically linked. I tried doing this with an OpenSSL installation built with FIPS object module and was able to…
trinth
  • 5,919
  • 9
  • 40
  • 45
5
votes
1 answer

How to implement FIPS_mode() and FIPS_mode_set() in Python 3.6's ssl module?

I am trying to implement the FIPS_mode and FIPS_mode_set functions in Python's ssl module since those are not present by default. A patch for Python 3.4 has already been submitted and rejected due to various using reasons. Using that patch as an…
Hussain Ali Akbar
  • 1,585
  • 2
  • 16
  • 28
5
votes
0 answers

R: Connect to SFTP with RCurl

I'm trying to connect to a SFTP server. It is an encrypted server that uses FIPS mode. I am able to connect and perform file transfer through WinSCP, FileZilla, and through bash sftp commands with no problems. But, I cannot, access this same SFTP…
Dania
  • 305
  • 2
  • 10
1
2
3
28 29