FIPS 140-2 Compliant Encryption

Hello,

I am wondering if SSL/TLS is a FIPS 140-2 Compliant Encryption. If so, can you please point me to an authoritative source?

Thank you,
Joseph Irvine
Asked by: jkeagle13
 
Dave Howe (Software and Hardware Engineer) commented:
It depends on what you mean by compliant.

The OpenSSL libraries are fully *certified* when run in FIPS mode (this restricts you to just the FIPS-approved algos). Any SSL link is FIPS *compliant* if the webserver (not client!) is set to operate only using FIPS-approved algos - but will not be certified.

Apache would be FIPS *certified* only if the OpenSSL library it links to is compiled to FIPS mode (not the default). IIS, similarly, is *certified* if it uses the FIPS-compatible libraries (available by default from Windows 2003 onwards) AND the system is set to FIPS-compliant mode in group policy. There is no setting that will make IIS compliant but not certified, as one implies the other in Windows.
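
An added example, not part of the answer above: a name-based audit of the cipher suites a server offers, in the "compliant" sense the answer describes (only FIPS-approved algorithms), which says nothing about whether the crypto module is certified. The non-approved list, the `allow_3des` switch and the sample suite list are assumptions made for this illustration.

```python
import re
import ssl

# Assumption for this example: name prefixes of algorithms that are not
# FIPS-approved (plus NULL and export-grade suites). Not an official list.
NON_APPROVED = ("RC4", "RC2", "MD5", "DES", "IDEA", "SEED", "CAMELLIA",
                "ARIA", "CHACHA20", "POLY1305", "NULL", "EXP")


def non_approved_parts(suite, allow_3des=False):
    """Return the parts of one cipher suite name that are not FIPS-approved."""
    tokens = re.split(r"[-_]", suite.upper())
    # OpenSSL spells Triple-DES "DES-CBC3"; IANA names use "3DES".
    if "CBC3" in tokens or "3DES" in tokens:
        tokens = [t for t in tokens if t not in ("DES", "CBC3", "3DES")]
        # Triple-DES was approved under FIPS 140-2 but has since been
        # retired by NIST, so it is flagged unless the caller allows it.
        if not allow_3des:
            tokens.append("3DES")
    return [t for t in tokens if t == "3DES" or t.startswith(NON_APPROVED)]


def audit(suites, allow_3des=False):
    """Map each suite name to its non-approved parts (empty list = clean)."""
    return {s: non_approved_parts(s, allow_3des) for s in suites}


def audit_context(ctx, allow_3des=False):
    """Audit the suites enabled on an ssl.SSLContext (the server side)."""
    return audit([c["name"] for c in ctx.get_ciphers()], allow_3des)


# Constructed sample: suites a hypothetical server is configured to offer.
SAMPLE_SERVER_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_AES_128_GCM_SHA256",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "DES-CBC3-SHA",
    "RC4-MD5",
]

if __name__ == "__main__":
    for name, bad in audit(SAMPLE_SERVER_SUITES).items():
        print(f"{name:32} {'ok' if not bad else 'non-approved: ' + ', '.join(bad)}")
```

The server is compliant in this sense only when every suite it offers comes back with an empty list; `audit_context` applies the same check to a live `ssl.SSLContext`.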
 
Tolomir (Administrator) commented: