Project

General

Profile

Misc #19608

Updated by jaruga (Jun Aruga) over 1 year ago

## Motivation and context 

 Recently I have been working for the [ruby/openssl](https://github.com/ruby/openssl) to support OpenSSL 3 FIPS mode such as sending pull-requests and reporting issues to the [OpenSSL project](https://github.com/openssl/openssl). The related issue ticket is [here](https://github.com/ruby/openssl/issues/603). 

 Currently a challenge of the ruby/openssl is that it doesn't work well on the OpenSSL FIPS mode, and I want ruby/openssl to work on it by adding the OpenSSL 3 FIPS mode case to the CI, and by adding more FIPS related unit tests and features. To solve this challenge, I would like to be a co-maintainer of the ruby/openssl for the FIPS mode related things. What do you think? 

 ## What is FIPS mode? 

 For someone who is interested in knowing the FIPS mode. Let me share the related documents below. In my understanding, FIPS mode is a security policy developed by US government. In some cases, the shipped Linux OS systems need to follow this policy. And OpenSSL has a feature to enable the FIPS mode. The README is [here](https://github.com/openssl/openssl/blob/master/README-FIPS.md). And there can be FIPS specific issues in the ruby/openssl with the OpenSSL FIPS mode enabled. 

 FIPS related documents: 
 * [FIPS Wikipedia](https://en.wikipedia.org/wiki/Federal_Information_Processing_Standards) 
 * [Red Hat Enterprise Linux (RHEL)](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/security_hardening/index#con_federal-information-processing-standard-fips_assembly_installing-the-system-in-fips-mode) [RHEL](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/security_hardening/index#con_federal-information-processing-standard-fips_assembly_installing-the-system-in-fips-mode) 
 * [Amazon Linux](https://aws.amazon.com/compliance/fips/) Linux](https://aws.amazon.com/blogs/publicsector/enabling-fips-mode-amazon-linux-2/) 
 * [SUSE Linux](https://www.suse.com/support/security/certifications/) Linux](https://www.suse.com/support/kb/doc/?id=000019432) 
 * [Ubuntu](https://ubuntu.com/security/certifications/docs/fips) 

 ## Past FIPS related issue tickets 

 As a reference, I just found some old issue tickets below. It is about OpenSSL 1.0 and 1.1 FIPS mode. 

 * https://bugs.ruby-lang.org/issues/6946 
 * https://bugs.ruby-lang.org/issues/19073 

Back