drbd-utils

DRBD uses openssl or gnutls?

Open ShreyBansal22 opened this issue 1 year ago • 1 comments

Hi, I have a doubt: is DRBD FIPS compliant? DRBD uses OpenSSL to generate certificates, but for TCP encryption it consumes the tlshd userland library, which is dependent on GnuTLS. Can anyone confirm what the actual situation is?

Regards, Shrey

ShreyBansal22, May 27 '24 09:05

To answer your questions:

  • The DRBD kernel module does not do any cryptography; it instead just enables "Kernel TLS offload". Whether that is FIPS compliant depends on your kernel. I believe Red Hat kernels are generally certified in that regard.
  • tlshd does the TLS handshake, and uses GnuTLS internally. So that again depends on the FIPS compliance of your GnuTLS version. Again, I believe Red Hat certified it for their distributions.

So no, we do not use OpenSSL and we should be FIPS compliant provided your OS is FIPS compliant.

WanzenBug, May 31 '24 08:05
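
A host-side check for the two dependencies named in the answer above (the kernel that performs kTLS and the GnuTLS library used for the handshake), as an added example that is not part of the original thread or of DRBD. The function names are hypothetical; it assumes the standard Linux files `/proc/sys/crypto/fips_enabled` and `/proc/net/tls_stat`, and that `gnutls-cli --fips140-mode` reports on the same system GnuTLS library that tlshd uses.

```shell
#!/bin/sh
# Added example: function names are hypothetical. Paths and the CLI name are
# parameters so each check can be pointed at constructed files.

# Kernel side (kTLS uses the kernel crypto API): 1 means FIPS mode is on.
kernel_fips_state() {
    f="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Count TLS transmit sessions currently handled by the kernel (software or NIC).
ktls_tx_sessions() {
    f="${1:-/proc/net/tls_stat}"
    [ -r "$f" ] || { echo unknown; return 0; }
    awk '$1 ~ /^TlsCurrTx(Sw|Device)$/ { n += $2 } END { print n + 0 }' "$f"
}

# Handshake side (tlshd uses GnuTLS): ask the library for its FIPS 140 mode.
gnutls_fips_state() {
    cli="${1:-gnutls-cli}"
    command -v "$cli" >/dev/null 2>&1 || { echo unknown; return 0; }
    if out=$("$cli" --fips140-mode 2>&1) && ! printf '%s\n' "$out" | grep -q 'NOT'; then
        echo enabled
    else
        echo not-enabled
    fi
}

fips_report() {
    echo "kernel FIPS mode:    $(kernel_fips_state)"
    echo "kTLS TX sessions:    $(ktls_tx_sessions)"
    echo "GnuTLS FIPS mode:    $(gnutls_fips_state)"
}

# Print the report only when asked, e.g.: sh fips_check.sh --report
if [ "${1:-}" = "--report" ]; then
    fips_report
fi
```

These checks report the runtime FIPS mode of each component; whether the installed kernel and GnuTLS builds are validated modules is a matter for the distribution's certification documents.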