Someone has a service that uses a non-FIPS-compatible hash in a protocol signature. When FIPS 140-2 compatibility is enabled on the hosts, the service crashes (because the hash signature is not allowed by the security configuration of the host). A way to get around this is to put the service in a Docker container on the FIPS-compatible host. It works, but is it OK from a FIPS compatibility point of view? If not, why?
The impression I get from this post is that the poster is seeing some activity and would like to know if he/she should talk to the auditor / company. It's a touchy topic. Is that right, OP? – Ken - Enough about Monica Jul 23 '20 at 16:01
1 Answer
You are basically asking if it is OK to ignore FIPS 140-2 requirements for a specific task; the actual way you do this really does not matter. It is unknown if this is acceptable or not in your specific use case. But at least you can no longer claim that all the cryptographic operations you do on the machine conform to FIPS 140-2 requirements.
Steffen Ullrich