Is Nginx open source FIPS compliant?

I am investigating FIPS compliance for our platform. nginx is one of the components and we use nginx 1.15.1. I found the documentation about nginx plus being FIPS compliant.

When NGINX Plus is executed on an operating system where a FIPS‑validated OpenSSL cryptographic module is present and FIPS mode is enabled, NGINX Plus is compliant with FIPS 140-2 with respect to the decryption and encryption of SSL/TLS and HTTP/2 traffic.

https://docs.nginx.com/nginx/fips-compliance-nginx-plus/

Does this apply to open source nginx as well? I did not find any documentation for the open source version. I have posted the query in nginx forum as well but checking it here as well in case folks have already done FIPS compliance with the open source version.

According to this blog post, it's not a "No" but more of a "We can't be sure" (emphasis mine):

NGINX tests and verifies that NGINX Plus operates correctly when it is run on a FIPS‑enabled OS that is running in FIPS mode. NGINX cannot make similar statements for NGINX Open Source...

https://www.nginx.com/blog/achieving-fips-compliance-nginx-plus/#FIPS-Compliance-with-NGINX-Open-Source

They can't make claims for the OS you compile on or the flags that you use to build. There's a lot going on in an OpenSSL build.

https://wiki.openssl.org/index.php/Compilation_and_Installation

And any deviation from the "trusted path" or "validated" build steps may invalidate your installation.

https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
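
The answer above turns on which OpenSSL a given nginx binary was built against and what flags were used. The following is an added example, not part of the original question or answer, that pulls those facts out of `nginx -V` output and reads the Linux kernel FIPS flag. The function names are hypothetical, the sample output is constructed, and the result is only a triage aid: it does not establish FIPS compliance.

```shell
#!/bin/sh
# Added example: triage an nginx build for FIPS-relevant facts.
# Input is the text of `nginx -V 2>&1`; nothing here proves compliance.

# Print the OpenSSL version nginx was compiled against.
built_openssl() {
    printf '%s\n' "$1" | sed -n 's/^built with \(OpenSSL [^ )]*\).*/\1/p'
}

# Print the OpenSSL version loaded at run time; nginx only reports this
# when it differs from the version it was compiled against.
running_openssl() {
    printf '%s\n' "$1" | sed -n 's/.*(running with \(OpenSSL [^ )]*\).*/\1/p'
}

# Succeed if nginx was configured with --with-openssl=<source dir>, i.e. it
# was built from an OpenSSL source tree rather than against the OS library.
bundled_openssl() {
    printf '%s\n' "$1" | grep -q '^configure arguments:.*--with-openssl='
}

# Print the kernel FIPS flag (1 = enabled, 0 = disabled or not present).
# The path is a parameter so the check can be exercised on a test file.
os_fips_flag() {
    cat "${1:-/proc/sys/crypto/fips_enabled}" 2>/dev/null || echo 0
}

# Summarise the findings for one `nginx -V` text ($1) and flag file ($2).
triage() {
    b=$(built_openssl "$1"); r=$(running_openssl "$1")
    echo "built with:     ${b:-no OpenSSL line found}"
    if [ -n "$r" ]; then echo "running with:   $r (differs from build)"; fi
    if bundled_openssl "$1"; then echo "openssl source: --with-openssl tree"; fi
    echo "kernel fips_enabled: $(os_fips_flag "$2")"
}

# Constructed sample output, not captured from a real host.
SAMPLE='nginx version: nginx/1.15.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017 (running with OpenSSL 1.0.2r  26 Feb 2019)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_v2_module'

triage "$SAMPLE"
```

On a real host, pass the live output instead of the sample: `triage "$(nginx -V 2>&1)"`.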
