On 12/9/20 4:51 AM, Aravindhan Krishnan wrote: > The paid version I had mentioned about was the paid OS (ubuntu) for FIPS > compliancy. I understand that postgres as is completely available for open-source. > > Since we can't get the paid version of the OS to support FIPS compliancy the > idea was to build postgres against FIPS compliant SSL/crypto of 1.0.2g and get > it to work on ubuntu 20.04 for which I was interested in the configure option. Actual FIPS compliance is held by the distributor of the SSL library you use. While you can, for example, configure a CentOS 7 system to be in "FIPS mode", it is still not "FIPS compliant" if you didn't get the bits (the SSL library itself) from Red Hat (which you did not if you are running CentOS). The situation is the same with Ubuntu, except as far as I am aware you cannot even get your hands on the SSL library for "FIPS mode" from Ubuntu unless you pay them, unlike CentOS. So no matter what you do with Postgres itself, you will not be FIPS compliant without paying RHEL/Ubuntu/SUSE or getting your stack certified yourself (which is not likely something you will want to do and would cost you more anyway). HTH, Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
Attachment:
signature.asc
Description: OpenPGP digital signature
