[syslog-ng] Using FIPS complaint OpenSSL with syslog-ng OSE
Gergely Nagy
algernon at madhouse-project.org
Fri Jul 17 10:55:05 CEST 2015
>>>>> "Saurabh" == Saurabh Shukla <saurabh at purestorage.com> writes:
Saurabh> I see that syslog-ng OSE uses OpenSSL libraries for TLS support.
Saurabh> If my system has FIPS complaint OpenSSL installed, will syslog-ng OSE use
Saurabh> those FIPS compliant libraries for TLS support? Do I need any change in the
Saurabh> syslog-ng OSE's configuration for this?
You can make syslog-ng OSE use the FIPS compliant OpenSSL libraries, but
a lot of things will fail horribly. For example, SQL won't work, and you
will likely need to compile syslog-ng OSE with SQL
disabled. Furthermore, what you will get will *NOT* be FIPS compliant,
because FIPS requires a lot more than using a FIPS-compliant OpenSSL
library.
If you need FIPS compliance, syslog-ng PE can provide that, OSE won't:
even if it starts up (and I have my doubts it would), it will still not
be FIPS compliant.
--
|8]
More information about the syslog-ng
mailing list