[swift-server-dev] FIPS certification

Drew Crawford drew at sealedabstract.com
Tue Feb 21 17:45:19 CST 2017




On February 21, 2017 at 3:50:00 PM, Carl Brown (carlb at pobox.com) wrote:

at times, some random, non-technical person in purchasing is making decisions about which bids to disqualify based on a spreadsheet of features with column names like "FIPS compliance (native)" and "FIPS compliance (optional)".  In that event, consultants and firms that want to use Swift to fulfill those contracts would have an easier time if OpenSSL was the default.
per Gelareh's comment, FIPS mode would not be the default:

but I would not think that it would be on by default. You are right that a large number of users this is not even a consideration.
My argument is essentially: if the usage is so low that FIPS compliance will not be the default, and if OpenSSL is chosen for FIPS compliance, OpenSSL should not be the default either.  Do you believe that there exists a large class of RFPs for which A) someone knows to enable FIPS mode, and B) someone does not know to choose OpenSSL?  I believe that is an empty set.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-server-dev/attachments/20170221/4da3b290/attachment.html>


More information about the swift-server-dev mailing list