Web lists-archives.com

Re: [Samba] Is samba FIPS compliant ? Can it be build with openssl ?

Thanks for the quick reply Jeremy. 

We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is  there a link option to specify this kind of library ? 

~ Mike

-----Original Message-----
From: Jeremy Allison <jra@xxxxxxxxx> 
Sent: Tuesday, October 2, 2018 2:08 PM
To: Tompkins, Michael <Michael.Tompkins@xxxxxxxxx>
Cc: samba@xxxxxxxxxxxxxxx; USA Xerox Samba <USA.Xerox.Samba@xxxxxxxxx>
Subject: Re: [Samba] Is samba FIPS compliant ? Can it be build with openssl ?

On Tue, Oct 02, 2018 at 05:50:35PM +0000, Tompkins, Michael via samba wrote:
> I'm checking back in to see if samba is FIPS compliant, as in using FIPS compliant algorithms ? Can it be built with openssl, which is FIPS compliant ?  We're currently running 4.7.5. Please let me know.

FIPS certification is expensive and time-consuming, and no Open Source project that I know of has ever complied.

Having said that, individual vendors have gotten FIPS certification for specific versions of their product, Red Hat being one. As Red Hat ships by default with Samba, I think we're probably *able* to be FIPS certifiable, but you're going to have to do the actual FIPS certification work yourself :-).



To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba