<html><body><p>I believe Vapor statically link in LibreSSL and based on last meeting Logan said their decision was based on: <br>1 - simpler instruction for compiling code (since they were statically linking)<br>2 - better reputation for performance and security.<br><br>However the conclusion the group came to was that:<br>- Plug-n-play supports flexibility for OpenSSL and LibreSSL<br>- OpenSSL is still more prevalent and comes out of the box with Ubuntu and most other Linux distros.<br>- Having a compliance tick mark helps Swift adoption in the larger ecosystem, esp if similar guarantees can be made on both macOS and Linux platforms.<br>- It is possible that in the future, if Swift decides on adding security libraries to its tool chain, other plans can be made.<br><br><br>Regards,<br>Gelareh<br><br><br><br><img width="16" height="16" src="cid:1__=8FBB0A5DDFE73DEC8f9e8a93df938690918c8FB@" border="0" alt="Inactive hide details for Drew Crawford ---02/21/2017 03:00:53 PM---On February 21, 2017 at 2:36:33 PM, Swizzlr (me@swizzlr.co)"><font color="#424282">Drew Crawford ---02/21/2017 03:00:53 PM---On February 21, 2017 at 2:36:33 PM, Swizzlr (me@swizzlr.co) wrote: who have refused to use Swift on</font><br><br><font size="2" color="#5F5F5F">From: </font><font size="2">Drew Crawford <drew@sealedabstract.com></font><br><font size="2" color="#5F5F5F">To: </font><font size="2">Swizzlr <me@swizzlr.co></font><br><font size="2" color="#5F5F5F">Cc: </font><font size="2">Gelareh Taban/Austin/IBM@IBMUS, swift-server-dev@swift.org</font><br><font size="2" color="#5F5F5F">Date: </font><font size="2">02/21/2017 03:00 PM</font><br><font size="2" color="#5F5F5F">Subject: </font><font size="2">Re: [swift-server-dev] FIPS certification</font><br><hr width="100%" size="2" align="left" noshade style="color:#8091A5; "><br><br><br><br><br>
<p><font face="Helvetica">On February 21, 2017 at 2:36:33 PM, Swizzlr (</font><a href="mailto:me@swizzlr.co"><u><font color="#0000FF" face="Helvetica">me@swizzlr.co</font></u></a><font face="Helvetica">) wrote:</font><ul><ul><font face="Helvetica Neue">who have refused to use Swift on the grounds that the crypto interface isn't FIPS certified.</font></ul></ul><font face="Helvetica">My understanding is that both Perfect and Vapor use OpenSSL, which is FIPS-certified in the proper mode. Can you go into more detail about why using Swift in combination with one of those wasn't an option for these entities?</font><p><p><BR>
</body></html>