My recollection from previous times was that FIPS-140-2 compliant implementations must be "certified". I thought that required that a FIPS-140-2 implementation had to be purchased and included into the product that was intended to be FIPS-140-2 compliant. Jenkins has not purchased a FIPS-140-2 compliant library. It uses open source implementations of cryptographic algorithms.
However, my exposure to that requirement was quite brief and may be entirely incorrect. Mark Waite On Wed, Feb 13, 2019 at 11:43 AM Dunnigan (US), Terrence J < terrence.j.dunni...@boeing.com> wrote: > Thanks for the suggestion! We tried it and the ssh command said it wasn’t > allowed to use ed25519 in FIPS mode. We’ve connected via JNLP so perhaps > the issue has been sidestepped. > > > > Thanks again, > > > > Terry > > > > *From:* jenkinsci-users@googlegroups.com [mailto: > jenkinsci-users@googlegroups.com] *On Behalf Of *Mark Waite > *Sent:* Monday, February 11, 2019 1:55 PM > *To:* Jenkins Users <jenkinsci-users@googlegroups.com> > *Subject:* Re: Does the SSH Agents plugin support FIPS 140-2? > > > > Try with an ed25519 private key. Some online docs suggest that ed25519 is > FIPS-140-2 approved. > > > > On Mon, Feb 11, 2019, 12:13 PM Dunnigan (US), Terrence J < > terrence.j.dunni...@boeing.com wrote: > > Hi all, > > > > Does the SSH Slaves plugin support FIPS 140-2 ( > https://en.wikipedia.org/wiki/FIPS_140-2) ? In my case I have a Windows > VM running Jenkins trying to connect to a RHEL7 VM with FIPs enabled. I’m > getting SSH authentication errors, and the RHEL logs suggest that the > Jenkins SSH Slaves plugin is not using a FIPS-approved protocol. > > > > Thanks, > > > > Terry > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/d8563d21c76647e3ba72cedb130194b7%40boeing.com > <https://groups.google.com/d/msgid/jenkinsci-users/d8563d21c76647e3ba72cedb130194b7%40boeing.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtE01W915PZv3BMPEJWfrzbKgFDRTWt%2BZw%3DwFmYJPYYPWA%40mail.gmail.com > <https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtE01W915PZv3BMPEJWfrzbKgFDRTWt%2BZw%3DwFmYJPYYPWA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/f3d19fd5ecef40cf90150a95b688394d%40boeing.com > <https://groups.google.com/d/msgid/jenkinsci-users/f3d19fd5ecef40cf90150a95b688394d%40boeing.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Thanks! Mark Waite -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtE0aGBHbAYHrdngEURC8sG7ma1O75F6%3DAfOozYM-YXYsg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
