Hey everyone, I have what I would imagine is a simple question, yet I cannot find an answer anywhere in the documentation. Is the PritUNL server FIPS 140-2 compliant? I know there’s an OpenSSL FIPS module, but I don’t see any mention of it.
Configuring FIPS would require significant modifications; there are no plans to add support for it. The high security environment documentation has more information on configuring security options.
Thank you for the response. That’s unfortunate. We have a push to become DFARS certified, and one of the requirements is a FIPS 140-2 compliant VPN.
FIPS 140-2 is a standard for evaluating the efficacy of cryptographic devices. It is the industry standard for securing digital data and maintaining communication system integrity. Before being certified as compliant, cryptographic modules must fulfill stringent performance, security, and availability standards. The PritUNL server itself is not FIPS 140-2 certified. It relies on OpenSSL for its cryptography, and while there is an OpenSSL FIPS 140-2 validated module, PritUNL does not specifically advertise support or certification for running in a FIPS-compliant mode. If strict FIPS 140-2 compliance is required, you would need to verify that the server is built and configured against the OpenSSL FIPS module.