Opensource RabbitMQ FIPS support
Vishnu Vardhan

Aug 5, 2024, 5:18:16 AM
to rabbitmq-users
Hi,

In the recent discussion about FIPS support for open-source RabbitMQ, I got the response that the FIPS feature is supported only in the enterprise version and that any user who wants to use RabbitMQ in a FIPS-enabled cluster should opt for the VMware Tanzu RabbitMQ enterprise version (https://github.com/rabbitmq/rabbitmq-server/discussions/11876#discussioncomment-10213911).
Another ticket where it is suggested to use the enterprise version: https://groups.google.com/g/rabbitmq-users/c/ij3eSV8SnVw/m/lkOoJ1kABAAJ

But this webpage (Erlang Version Requirements | RabbitMQ) regarding the RabbitMQ and Erlang version compatibility matrix talks about FIPS support. According to my understanding, it conveys that Erlang 26.1 and later versions support FIPS mode on OpenSSL 3 (which is actually what I am using, and OpenSSL is enabled with the FIPS provider), that the open-source RabbitMQ application should work fine, and there is no mention of an enterprise RabbitMQ requirement for FIPS usage.

Please confirm on the above topic (FIPS support for open-source RabbitMQ).

Luke Bakken

Aug 5, 2024, 7:39:11 PM
to rabbitmq-users
Hello,

You are completely on your own if you wish to use OSS RabbitMQ with FIPS.

Thanks,
Luke
Team RabbitMQ

Vishnu Vardhan

Aug 7, 2024, 2:09:31 AM
to rabbitmq-users
Thanks for the response. In that case, I believe the documentation (https://www.rabbitmq.com/docs/which-erlang) needs to be updated to say that this feature is available only in the enterprise version.

Michal Kuratczyk

Aug 7, 2024, 3:22:29 AM
to rabbitm...@googlegroups.com
This information is correct so I'm not sure there's anything to fix. RabbitMQ doesn't implement cryptography - Erlang/OTP provides it through OpenSSL.
You can make it work without purchasing the enterprise version but we are not going to invest time in guiding every user who wants FIPS,
how to accomplish this with their RabbitMQ version, Erlang/OTP version, OpenSSL version and operating system version (since OpenSSL is shared
by different things on your machine, it gets tricky if the OpenSSL version you need for FIPS is not the version shipped with the OS).

Tanzu RabbitMQ packages contain all those components already tested and configured to work together, so you don't need to worry about this.

Best,

--
Michal
RabbitMQ Team
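
Since the reply above places the cryptography in Erlang/OTP and OpenSSL rather than in RabbitMQ, the following escript (an added example, not part of the thread and not RabbitMQ's own tooling) checks whether a given Erlang/OTP installation can actually enter FIPS mode. It assumes it is run with the same Erlang/OTP and OpenSSL that the broker uses, and it tests a throwaway VM, not the running node.

```erlang
#!/usr/bin/env escript
%% Added example: probe whether this Erlang/OTP + OpenSSL combination can
%% run the crypto application in FIPS mode. Only documented crypto calls
%% are used: info_lib/0, info_fips/0, enable_fips_mode/1, supports/1, hash/2.

main(_Args) ->
    {ok, _} = application:ensure_all_started(crypto),
    %% Which OpenSSL build is the crypto NIF linked against?
    lists:foreach(
      fun({Name, _VerNum, VerStr}) ->
              io:format("crypto library : ~s (~s)~n", [Name, VerStr])
      end, crypto:info_lib()),
    Before = crypto:info_fips(),      %% not_supported | not_enabled | enabled
    io:format("status at start: ~p~n", [Before]),
    %% Try to switch this VM into FIPS mode. Returns false when the OTP
    %% build lacks FIPS support or OpenSSL cannot activate its FIPS provider.
    Switched = crypto:enable_fips_mode(true),
    After = crypto:info_fips(),
    io:format("enable attempt : ~p -> ~p~n", [Switched, After]),
    case After of
        enabled -> probe_md5();
        _       -> io:format("FIPS mode could not be enabled here.~n")
    end,
    %% Non-zero exit unless FIPS mode is active, so a deployment can gate on it.
    halt(case After of enabled -> 0; _ -> 1 end).

%% MD5 is not FIPS-approved, so it serves as a probe for whether
%% non-approved algorithms are really refused once FIPS mode is on.
probe_md5() ->
    Listed = lists:member(md5, crypto:supports(hashs)),
    Result = try crypto:hash(md5, <<"probe">>) of
                 _ -> allowed
             catch
                 error:_ -> rejected
             end,
    io:format("md5 advertised : ~p~n", [Listed]),
    io:format("md5 hash call  : ~p~n", [Result]).
```

To read the state of a running node instead, evaluate `crypto:info_fips().` on that node, for example through `rabbitmqctl eval`.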