Using FIPS compliant OpenSSL with syslog-ng OSE
Hi,
I see that syslog-ng OSE uses OpenSSL libraries for TLS support.
If my system has FIPS compliant OpenSSL installed, will syslog-ng OSE use those FIPS compliant libraries for TLS support? Do I need any change in the syslog-ng OSE's configuration for this?
Thanks, -- Saurabh Shukla
BalaBit has produced such a mix with its premium edition, so it should work. However, it took some work, so probably not out of the box.
On Jul 16, 2015 10:43 PM, "Saurabh Shukla" <saurabh@purestorage.com> wrote:
Hi,
I see that syslog-ng OSE uses OpenSSL libraries for TLS support.
If my system has FIPS compliant OpenSSL installed, will syslog-ng OSE use those FIPS compliant libraries for TLS support? Do I need any change in the syslog-ng OSE's configuration for this?
Thanks, -- Saurabh Shukla
"Saurabh" == Saurabh Shukla <saurabh@purestorage.com> writes:
Saurabh> I see that syslog-ng OSE uses OpenSSL libraries for TLS support.
Saurabh> If my system has FIPS compliant OpenSSL installed, will syslog-ng OSE use
Saurabh> those FIPS compliant libraries for TLS support? Do I need any change in the
Saurabh> syslog-ng OSE's configuration for this?
You can make syslog-ng OSE use the FIPS compliant OpenSSL libraries, but a lot of things will fail horribly. For example, SQL won't work, and you will likely need to compile syslog-ng OSE with SQL disabled.
Furthermore, what you will get will *NOT* be FIPS compliant, because FIPS requires a lot more than using a FIPS-compliant OpenSSL library. If you need FIPS compliance, syslog-ng PE can provide that, OSE won't: even if it starts up (and I have my doubts it would), it will still not be FIPS compliant.
-- |8]
participants (3)
- Gergely Nagy
- Saurabh Shukla
- Scheidler, Balázs