[Swan] FIPS mode

jonetsu jonetsu at teksavvy.com
Tue Apr 14 15:47:56 EEST 2015


Hello,

  Regarding using libreswan in FIPS mode... Is all of the encryption done using XFRM in kernel space? Would that mean that all crypto (C/asm) code is located in the kernel? Is there any plug-in alternative to use OpenSSL instead? I'm asking because of the overhead (time and money) that could be required to have the kernel crypto code validated under FIPS. Whereas OpenSSL is already validated. OTOH, going through OpenSSL would have a (significant) impact on performance. Any thoughts about libreswan and FIPS validation?

Regards.




