I am writing a server on jruby that needs to be able to run in FIPS compliance. Given that jruby-ossl is being ported into main rather than being maintained as a separate gem, and that bouncy-castle is not FIPS certified, any chance we had at writing similar wrappers around some other library that is FIPS certified will probably just get harder. Any guidance anyone can offer here?
on 2012-07-13 00:48
on 2012-07-28 02:31
Has there been any consideration of this yet? If bouncy-castle gets effectively hard-coded into jruby main without a way to separate it, then there will be no way to run jruby in FIPS compliance mode, right? I hope this bouncy-castle integration into main will at least be somehow modularized... -- Matt Hauck
on 2012-07-30 17:16
If someone wants to work on having multiple back-ends for this we would be happy to help make things integrate better. At this point we only have BC and emulating open-ssl has been extremely challenging. However, if you know a FIPS-compliant API which can behave similiarly, we can work with you (someone) so we can provide options. -Tom On Fri, Jul 27, 2012 at 7:30 PM, Matt Hauck <firstname.lastname@example.org> wrote: > > > -- blog: http://blog.enebo.com twitter: tom_enebo mail: email@example.com