DRBD uses openssl or gnutls? #45

Open
ShreyBansal22 opened this issue May 27, 2024 · 1 comment

Comments

@ShreyBansal22

Hi,
I have a doubt: is DRBD FIPS compliant?
DRBD uses OpenSSL to generate certificates, but for TCP encryption it consumes the tlshd userland library, which is dependent on GnuTLS. Can anyone confirm what the actual situation is?

Regards,
Shrey
shreybansal22@gmail.com

@WanzenBug
Contributor

To answer your questions:

  • The DRBD kernel module does not do any cryptography; it instead just
    enables "Kernel TLS offload". Whether that is FIPS compliant depends on your
    kernel. I believe Red Hat kernels are generally certified in that regard.
  • tlshd does the TLS handshake, and uses GnuTLS internally. So that
    again depends on the FIPS compliance of your GnuTLS version. Again, I
    believe Red Hat certified it for their distributions.

So no, we do not use OpenSSL and we should be FIPS compliant provided
your OS is FIPS compliant.
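
A read-only check of the two components the answer above points to (kernel TLS and the GnuTLS library behind tlshd), added here as an example and not part of the thread or of DRBD. It assumes `gnutls-cli` comes from the same GnuTLS build that tlshd links against; the function names, the root-directory argument and the `GNUTLS_CLI` variable are hypothetical.

```shell
#!/bin/sh
# Added example: report the FIPS-relevant state of the kernel and GnuTLS.
# $1 (hypothetical) is an optional root prefix so the checks can be aimed at a
# test tree; GNUTLS_CLI (hypothetical) overrides the gnutls-cli command.

# Kernel side: the kernel crypto API runs in FIPS mode only when this file is 1.
kernel_fips_enabled() {
    f="${1:-}/proc/sys/crypto/fips_enabled"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Kernel TLS: tls_stat exists once the tls code is initialised (recent kernels);
# /proc/modules lists it when it is loaded as a module.
ktls_present() {
    root="${1:-}"
    [ -e "$root/proc/net/tls_stat" ] || grep -q '^tls ' "$root/proc/modules" 2>/dev/null
}

# Userspace side: gnutls-cli --fips140-mode reports the library's FIPS state.
# Returns 0 = in FIPS mode, 1 = not in FIPS mode, 2 = gnutls-cli not found.
gnutls_fips_enabled() {
    cli="${GNUTLS_CLI:-gnutls-cli}"
    command -v "$cli" >/dev/null 2>&1 || return 2
    "$cli" --fips140-mode 2>&1 | grep -q 'library is in FIPS140'
}

# One line summarising all three checks.
fips_report() {
    root="${1:-}"
    k=no; if kernel_fips_enabled "$root"; then k=yes; fi
    t=no; if ktls_present "$root"; then t=yes; fi
    if gnutls_fips_enabled; then g=yes
    elif [ $? -eq 2 ]; then g=unknown
    else g=no
    fi
    echo "kernel_fips=$k ktls=$t gnutls_fips=$g"
}

fips_report "$@"
```

FIPS mode being switched on does not by itself show that your distribution's kernel and GnuTLS builds hold a validation; that remains a question for the vendor, as the answer says.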
