Confd with OpenSSL 3.0 FIPS Module

ktran · April 11, 2022, 6:02pm

Is there a version of Confd that will work with the new OpenSSL 3.0 FIPS Module?

I have read through the “Confd For High Security Applications” document and see that it references OpenSSL FIPS 2.0.16 (with openssl 1.0.2).

waitai · April 11, 2022, 8:32pm

There is no released version of ConfD that works with the new OpenSSL 3.0 FIPS module. This isn’t yet on the ConfD roadmap.

matth · December 22, 2022, 7:53pm

Is there an update on the plans to support OpenSSL 3.0 with FIPS? Several new versions of Linux distributions are shipping with OpenSSL 3.0 by default (e.g., Ubuntu 22.04).

I tried disabling FIPS when building the crypto.so, but I’m still seeing an error when starting confd.

make FIPS_LIBCRYPTO=no crypto
make install_crypto

=ERROR REPORT==== 22-Dec-2022::14:52:55.901736 ===
Unable to load crypto library. Failed with error:
"load_failed, Failed to load NIF library: '/opt/confd/lib/confd/lib/core/crypto/priv/lib/crypto.so: undefined symbol: FIPS_mode'"
OpenSSL might not be installed on this system.

Regards,
Matt

josephm · January 4, 2023, 1:07pm

hello,
there are no current plans to support OpenSSL 3.0.