activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jerbia <jer...@gmail.com>
Subject Re: FIPS 140-2
Date Thu, 21 Jun 2012 14:31:19 GMT
Thanks Michael for the detailed reply!
Do you know what is the case for OpenSSL, used by ActiveMQ for secured
communication (ssl)?
Are there any ActiveMQ distribution compiled with a FIPS-complaint openSSL
version (http://www.openssl.org/docs/fips/fipsnotes.html)?

Thanks,
Amir


On Thu, Jun 21, 2012 at 5:10 PM, mickhayes [via ActiveMQ] <
ml-node+s2283324n4653436h66@n4.nabble.com> wrote:

> I came across this FIPS topic on introduction of Mozilla NSS in our
> organisation (we have a fairly detailed procedure when new FOSS software is
> introduced.)
>
> To answer the question, ActiveMQ isn't on the published lists, so the
> answer is no -a product is not compliant until it has been certified as
> such.
> Once a module is validated, then it's on the validated lists:
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
>
>
> However, I would question whether ActiveMQ needs to be - perhaps a "FIPS
> mode" would suffice.
>
> Consider NSS. Now it's validated - FIPS 140-2 compliant. So Firefox has a
> FIPS mode. Once you have a password for your "encryption device" you can
> turn on FIPS mode.
>
> ActiveMQ - like Firefox -doesn't itself own or develop any cryptographic
> modules.
> At a simple level, for encrypted passwords, the Apache V2-licensed jasypt
> library is used http://www.jasypt.org
> Jasypt relies on JCE.
>
> You can see on csrc.nist.gov which JCE modules have been validated as
> compliant.
>
> Note the concept of "FIPS mode" - explained well here:
> https://developer.mozilla.org/en/NSS/FIPS_Mode_-_an_explanation
>
>
>
> Michael Hayes B.Sc. (NUI), M.Sc. (DCU), SCSA SCNA
>
>
> ------------------------------
>  If you reply to this email, your message will be added to the discussion
> below:
> http://activemq.2283324.n4.nabble.com/FIPS-140-2-tp4653345p4653436.html
>  To unsubscribe from FIPS 140-2, click here<http://activemq.2283324.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4653345&code=amVyYmlhQGdtYWlsLmNvbXw0NjUzMzQ1fDE4NjAwMDczMDQ=>
> .
> NAML<http://activemq.2283324.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>


--
View this message in context: http://activemq.2283324.n4.nabble.com/FIPS-140-2-tp4653345p4653439.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message