[
https://issues.apache.org/jira/browse/CASSANDRA-20512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17940916#comment-17940916
]
Stefan Miklosovic commented on CASSANDRA-20512:
-----------------------------------------------
-FIPS dependency does not seem to break anything so far.
[CASSANDRA-20512|https://github.com/instaclustr/cassandra/tree/CASSANDRA-20512]
{noformat}
java17_pre-commit_tests
✓ j17_build 5m 54s
✓ j17_cqlsh_dtests_py311 6m 59s
✓ j17_cqlsh_dtests_py311_vnode 7m 32s
✓ j17_cqlsh_dtests_py38 7m 16s
✓ j17_cqlsh_dtests_py38_vnode 7m 25s
✓ j17_cqlshlib_cython_tests 7m 59s
✓ j17_cqlshlib_tests 10m 9s
✓ j17_dtests_vnode 42m 23s
✓ j17_unit_tests 15m 30s
✓ j17_utests_latest 15m 49s
✓ j17_utests_oa 15m 14s
✕ j17_dtests 39m 43s
refresh_test.TestRefresh test_refresh_deadlock_startup
✕ j17_dtests_latest 42m 47s
largecolumn_test.TestLargeColumn test_cleanup
✕ j17_jvm_dtests 29m 30s
org.apache.cassandra.fuzz.sai.MultiNodeSAITest mixedFilteringSaiTest
TIMEOUTED
✕ j17_jvm_dtests_latest_vnode 27m 16s
org.apache.cassandra.fuzz.sai.MultiNodeSAITest indexOnlySaiTest TIMEOUTED
{noformat}
[java17_pre-commit_tests|https://app.circleci.com/pipelines/github/instaclustr/cassandra/5722/workflows/f76825f8-61cf-42c0-85e3-e4926ff4ef10]
I think that we should not _force_ people to use -FIPS version of it, we might
just ship it along and there might be a switch to flip to use that if somebody
wants to opt-in.
I want to also reach LEGAL to ask if there are any blockers as in shipping
-FIPS version of it in tarball. No clue how it works on that front.
> Investigate the usage of FIPS-certified Amazon Corretto Crypto Provider
> -----------------------------------------------------------------------
>
> Key: CASSANDRA-20512
> URL: https://issues.apache.org/jira/browse/CASSANDRA-20512
> Project: Apache Cassandra
> Issue Type: Task
> Components: Legacy/Core
> Reporter: Stefan Miklosovic
> Priority: Normal
>
> We are using version 2.2.0 which is almost 2 years old. There is 2.5.0
> already.
> What is very interesting is that from 2.3.0, they are also offering
> FIPS-certified version of that. (1, 2, 3).
> (1)https://github.com/corretto/amazon-corretto-crypto-provider?tab=readme-ov-file#notes-on-accp-fips
> (2)
> https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4816
> (3) https://github.com/aws/aws-lc/blob/main/crypto/fipsmodule/FIPS.md
> https://central.sonatype.com/artifact/software.amazon.cryptools/AmazonCorrettoCryptoProvider-FIPS/2.5.0/versions
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
