Misc #19608
closedBeing a co-maintainer of the ruby/openssl for the OpenSSL FIPS mode
Description
Motivation and context¶
Recently I have been working for the ruby/openssl to support OpenSSL 3 FIPS mode such as sending pull-requests and reporting issues to the OpenSSL project. The related issue ticket is here.
Currently a challenge of the ruby/openssl is that it doesn't work well on the OpenSSL FIPS mode, and I want ruby/openssl to work on it by adding the OpenSSL 3 FIPS mode case to the CI, and by adding more FIPS related unit tests and features. To solve this challenge, I would like to be a co-maintainer of the ruby/openssl for the FIPS mode related things. What do you think?
What is FIPS mode?¶
For someone who is interested in knowing the FIPS mode. Let me share the related documents below. In my understanding, FIPS mode is a security policy developed by US government. In some cases, the shipped Linux OS systems need to follow this policy. And OpenSSL has a feature to enable the FIPS mode. The README is here. And there can be FIPS specific issues in the ruby/openssl with the OpenSSL FIPS mode enabled.
FIPS related documents:
Past FIPS related issue tickets¶
As a reference, I just found some old issue tickets below. It is about OpenSSL 1.0 and 1.1 FIPS mode.