You are browsing documentation for an older version.
See the latest documentation here.
FIPS 140-2
The Federal Information Processing Standard (FIPS) 140-2 is a federal standard defined by the National Institute of Standards and Technology. It specifies the security requirements that must be satisfied by a cryptographic module. The FIPS Kong Gateway package is FIPS 140-2 compliant. Compliance means that the software has met all of the rules of FIPS 140-2, but has not been submitted to a NIST testing lab for validation.
Kong Gateway Enterprise provides a FIPS 140-2 compliant package for Ubuntu 20.04 , Ubuntu 22.04 , and Red Hat Enterprise 8 . This package provides compliance for the core Kong Gateway product .
The package uses the OpenSSL FIPS 3.0 module OpenSSL to provide FIPS 140-2 validated cryptographic operations.
Installing the Kong Gateway FIPS compliant package
The FIPS compliant Ubuntu 20.04 package can be installed using the package distinctively named kong-enterprise-edition-fips
. To install the package follow these instructions:
- Set up the Kong APT repository:
curl -1sLf "https://packages.konghq.com/public/gateway-31/gpg..key" | gpg --dearmor >> /usr/share/keyrings/kong-gateway-31-archive-keyring.gpg
curl -1sLf "https://packages.konghq.com/public/gateway-31/config.deb.txt?distro=ubuntu&codename=$(lsb_release -sc)" > /etc/apt/sources.list.d/kong-gateway-31.list
- Update the repository:
-
Install the Kong Gateway FIPS package:
apt install -y kong-enterprise-edition-fips=3.1.1.6
The FIPS compliant Red Hat 8 package can be installed using the package distinctively named kong-enterprise-edition-fips
. To install the package follow these instructions:
-
Download the FIPS package:
curl -Lo kong-enterprise-edition-fips-3.1.1.6.rpm $(rpm --eval https://packages.konghq.com/public/gateway-31/rpm/el/%{rhel}/x86_64/kong-enterprise-edition-fips-3.1.1.6.el%{rhel}.x86_64.rpm)
-
Install the Kong Gateway FIPS package:
yum install kong-enterprise-edition-fips-3.1.1.6
-
Set up the Kong Yum repository:
curl -1sLf "https://packages.konghq.com/public/gateway-31/config.rpm.txt?distro=el&codename=$(rpm --eval '%{rhel}')" | sudo tee /etc/yum.repos.d/kong-gateway-31.repo
sudo yum -q makecache -y --disablerepo='*' --enablerepo='kong-gateway-31'
-
Install the Kong Gateway FIPS package:
yum install kong-enterprise-edition-fips-3.1.1.6
To start in FIPS mode, set the following variable to on
in the kong.conf
configuration file before starting Kong Gateway.
fips = on # fips mode is enabled, causing incompatible ciphers to be disabled
You can also use an environment variable:
Migrating from non-FIPS to FIPS mode and backwards is not supported.