JRuby + FIPS

I am writing a server on jruby that needs to be able to run in FIPS
compliance. Given that jruby-ossl is being ported into main rather than
being maintained as a separate gem, and that bouncy-castle is not FIPS
certified, any chance we had at writing similar wrappers around some
other library that is FIPS certified will probably just get harder.

Any guidance anyone can offer here?

Has there been any consideration of this yet? If bouncy-castle gets
effectively hard-coded into jruby main without a way to separate it,
then there will be no way to run jruby in FIPS compliance mode, right? I
hope this bouncy-castle integration into main will at least be somehow

Matt H.

If someone wants to work on having multiple back-ends for this we
would be happy to help make things integrate better. At this point we
only have BC and emulating open-ssl has been extremely challenging.
However, if you know a FIPS-compliant API which can behave similiarly,
we can work with you (someone) so we can provide options.


On Fri, Jul 27, 2012 at 7:30 PM, Matt H. [email protected] wrote:

blog: http://blog.enebo.com twitter: tom_enebo
mail: [email protected]