[swift-server-dev] FIPS certification
Gelareh Taban
gtaban at us.ibm.com
Tue Feb 21 15:58:58 CST 2017
I believe Vapor statically link in LibreSSL and based on last meeting Logan
said their decision was based on:
1 - simpler instruction for compiling code (since they were statically
linking)
2 - better reputation for performance and security.
However the conclusion the group came to was that:
- Plug-n-play supports flexibility for OpenSSL and LibreSSL
- OpenSSL is still more prevalent and comes out of the box with Ubuntu and
most other Linux distros.
- Having a compliance tick mark helps Swift adoption in the larger
ecosystem, esp if similar guarantees can be made on both macOS and Linux
platforms.
- It is possible that in the future, if Swift decides on adding security
libraries to its tool chain, other plans can be made.
Regards,
Gelareh
From: Drew Crawford <drew at sealedabstract.com>
To: Swizzlr <me at swizzlr.co>
Cc: Gelareh Taban/Austin/IBM at IBMUS, swift-server-dev at swift.org
Date: 02/21/2017 03:00 PM
Subject: Re: [swift-server-dev] FIPS certification
On February 21, 2017 at 2:36:33 PM, Swizzlr (me at swizzlr.co) wrote:
who have refused to use Swift on the grounds that the crypto
interface isn't FIPS certified.
My understanding is that both Perfect and Vapor use OpenSSL, which is
FIPS-certified in the proper mode. Can you go into more detail about why
using Swift in combination with one of those wasn't an option for these
entities?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-server-dev/attachments/20170221/25c5cc17/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <https://lists.swift.org/pipermail/swift-server-dev/attachments/20170221/25c5cc17/attachment.gif>
More information about the swift-server-dev
mailing list