FIPS 140 validation of gRPC


Bill Fanelli

Jan 27, 2020, 2:10:33 PM
to grpc.io
I am trying to determine if gRPC supports FIPS 140 validated encryption. For our organization, as long as the underlying cryptographic modules (CMs) are FIPS 140 validated, then we are good to go. From my (brief) survey of the GitHub site, it appears that gRPC has BoringSSL CM embedded. BoringSSL is FIPS validated.

Question: Can anyone point me to where the use of BoringSSL is documented? Hopefully I will be able to determine how the BoringSSL CM is used (or can be configured to be used).

All other insights on this topic also welcome.

Nicolas Noble

Jan 27, 2020, 4:12:19 PM
to Bill Fanelli, grpc.io
It highly depends on how you're building gRPC and / or getting your binaries.

If you're building through CMake (which I guess is what your "CM" means, maybe?), then you can specify what you are doing exactly:


When using cmake, you can either build BoringSSL from a cmake module, or import OpenSSL as a package, using the cmake variable "gRPC_SSL_PROVIDER". That file should be sort of self-documenting, but there is a bit more info here: https://github.com/grpc/grpc/blob/master/doc/ssl-performance.md

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/89720e28-98af-46ee-881f-0ecab9ba9b4a%40googlegroups.com.
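
The gRPC_SSL_PROVIDER choice described in the reply above can be read back from a finished build tree. This is an added example, not part of the thread or of the gRPC project: a shell check that parses CMakeCache.txt and reports which TLS library the build was configured with. The function names and the sample cache contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or the gRPC repository).
# The provider is chosen at configure time, for instance:
#   cmake -DgRPC_SSL_PROVIDER=module  ..   (BoringSSL built from the cmake module)
#   cmake -DgRPC_SSL_PROVIDER=package ..   (OpenSSL imported as a package)

# grpc_ssl_provider BUILD_DIR   (hypothetical helper name)
# Prints "module", "package" or "unset".
# Returns 2 if BUILD_DIR has no CMakeCache.txt, 3 on any other value.
grpc_ssl_provider() {
    cache="$1/CMakeCache.txt"
    [ -f "$cache" ] || { echo "no CMakeCache.txt in $1" >&2; return 2; }
    # Cache entries have the form NAME:TYPE=VALUE; the last match wins.
    value=$(sed -n 's/^gRPC_SSL_PROVIDER:[A-Za-z]*=\(.*\)$/\1/p' "$cache" | tail -n 1)
    case "$value" in
        module|package) echo "$value" ;;
        "") echo "unset" ;;
        *) echo "unexpected gRPC_SSL_PROVIDER value: $value" >&2; return 3 ;;
    esac
}

# describe_provider BUILD_DIR   (hypothetical helper name)
# Prints one line suitable for a build audit record.
describe_provider() {
    p=$(grpc_ssl_provider "$1") || return $?
    case "$p" in
        module)  echo "TLS library: BoringSSL (built from the cmake module)" ;;
        package) echo "TLS library: OpenSSL (imported as a package)" ;;
        unset)   echo "TLS library: gRPC_SSL_PROVIDER not recorded in this build tree" ;;
    esac
}

# Constructed sample cache so the example runs without a real build tree.
demo=$(mktemp -d)
printf '%s\n' '// constructed sample cache' \
    'CMAKE_BUILD_TYPE:STRING=Release' \
    'gRPC_SSL_PROVIDER:STRING=package' > "$demo/CMakeCache.txt"
describe_provider "$demo"
rm -rf "$demo"
```
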

Bill Fanelli

Jan 29, 2020, 8:45:48 AM
to grpc.io
Thanks! That is very helpful.

BTW - CM stands for "cryptographic module".

