FIPS 140-2
Available with Kong Gateway Enterprise subscription.
The Federal Information Processing Standard (FIPS) 140-2 is a federal standard defined by the National Institute of Standards and Technology. It specifies the security requirements that must be satisfied by a cryptographic module. The FIPS Kong Gateway package is FIPS 140-2 compliant. Compliance means that the software has met all of the rules of FIPS 140-2, but has not been submitted to a NIST testing lab for validation.
Kong Gateway Enterprise provides a FIPS 140-2 compliant package for Ubuntu 20.04, Ubuntu 22.04, and Red Hat Enterprise 8. This package provides compliance for the core Kong Gateway product.
The package uses the OpenSSL FIPS 3.0 module to provide FIPS 140-2 validated cryptographic operations.
Installing the Kong Gateway FIPS compliant package
Configure FIPS
To start in FIPS mode, set the following variable to on in the kong.conf configuration file before starting Kong Gateway:
fips = on # fips mode is enabled, causing incompatible ciphers to be disabled
You can also use an environment variable:
export KONG_FIPS=on
Migrating from non-FIPS to FIPS mode and backwards is not supported.
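A pre-start check for the setting described above, as an added example that is not part of the Kong documentation: it reports whether a node would start in FIPS mode given a kong.conf file and the environment. It assumes KONG_FIPS overrides the file, that an unset key means off, and that on or true enable the setting; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not Kong's code): report the fips value a node would start with.
# Assumptions: KONG_FIPS in the environment overrides kong.conf, an unset key
# means off, and "on" or "true" enable the setting.

# Print the last uncommented "fips = <value>" from a kong.conf-style file.
# Comments are stripped first, so "#fips = on" is ignored and an inline
# "# ..." after the value does not end up in the result.
conf_fips() {
    [ -r "$1" ] || return 0
    sed -n -e 's/#.*$//' \
        -e 's/^[[:space:]]*fips[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' \
        "$1" | tail -n 1
}

# Print "on" or "off": the file value, unless KONG_FIPS is set and non-empty.
effective_fips() {
    value=${KONG_FIPS:-$(conf_fips "$1")}
    case $value in
        on|true) echo on ;;
        *)       echo off ;;
    esac
}

# Gate for a start script: succeeds only when the node would start in FIPS mode.
require_fips() {
    [ "$(effective_fips "$1")" = on ]
}

# Constructed sample file: one commented-out line and one live line.
sample=$(mktemp)
printf '%s\n' '#fips = off' 'fips = on # fips mode is enabled' > "$sample"
echo "effective fips: $(effective_fips "$sample")"
rm -f "$sample"
```

In a start script, call require_fips with the path to kong.conf and stop if it fails, so a node with a stray KONG_FIPS=off or a commented-out fips line does not start outside FIPS mode.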