[swift-server-dev] FIPS certification

Gelareh Taban gtaban at us.ibm.com
Tue Feb 21 15:58:58 CST 2017

I believe Vapor statically link in LibreSSL and based on last meeting Logan
said their decision was based on:
1 - simpler instruction for compiling code (since they were statically
2 - better reputation for performance and security.

However the conclusion the group came to was that:
- Plug-n-play supports flexibility for OpenSSL and LibreSSL
- OpenSSL is still more prevalent and comes out of the box with Ubuntu and
most other Linux distros.
- Having a compliance tick mark helps Swift adoption in the larger
ecosystem, esp if similar guarantees can be made on both macOS and Linux
- It is possible that in the future, if Swift decides on adding security
libraries to its tool chain, other plans can be made.


From:	Drew Crawford <drew at sealedabstract.com>
To:	Swizzlr <me at swizzlr.co>
Cc:	Gelareh Taban/Austin/IBM at IBMUS, swift-server-dev at swift.org
Date:	02/21/2017 03:00 PM
Subject:	Re: [swift-server-dev] FIPS certification

On February 21, 2017 at 2:36:33 PM, Swizzlr (me at swizzlr.co) wrote:

      who have refused to use Swift on the grounds that the crypto
      interface isn't FIPS certified.

My understanding is that both Perfect and Vapor use OpenSSL, which is
FIPS-certified in the proper mode.  Can you go into more detail about why
using Swift in combination with one of those wasn't an option for these

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-server-dev/attachments/20170221/25c5cc17/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <https://lists.swift.org/pipermail/swift-server-dev/attachments/20170221/25c5cc17/attachment.gif>

More information about the swift-server-dev mailing list