[
https://issues.apache.org/jira/browse/FLINK-35626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martijn Visser updated FLINK-35626:
-----------------------------------
Priority: Not a Priority (was: Minor)
> Add support for FIPS
> --------------------
>
> Key: FLINK-35626
> URL: https://issues.apache.org/jira/browse/FLINK-35626
> Project: Flink
> Issue Type: New Feature
> Components: Documentation
> Reporter: Mark
> Priority: Not a Priority
>
> In order to be able to use Apache Flink in certain environments with strict
> compliance requirements, the application may need to be compliant with
> FIPS-140-2.
> The path to produce a FIPS complaint image can vary, depending on the
> programming language and application itself. For Java, this may involve:
> * For any bundled crypto, utilising FIPS versions, i.e the FIPS version of
> BouncyCastle (bcfips). Alternatively, ensuring there is no bundled crypto,
> and all operations fallback to the JRE / OpenSSL on the host
> * Where keystores are required, support for creating bckfs keystore types
> * Producing a base image with OpenSSL configured for FIPS, as well as a JRE
> configured for FIPS (such as bcfips)
> * No use of unapproved crypto algorithms, such as DES, MD5, SHA1 etc
> It would be great if Flink was able to support FIPS - by that, I mean
> ensuring all requirements are met, and some documentation outlining how this
> is met and enforced.
> From a quick scan of the codebase, I don't see any direct references to
> bouncycastle (either non-fips or fips), but I do see several places where md5
> and sha1 are used for example.
> Support for FIPS would increase the use-cases for deploying Flink in secure
> environments. Thanks for taking this into consideration.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
