FIPS 140-2
The Federal Information Processing Standard (FIPS) 140-2 is a federal standard defined by the National Institute of Standards and Technology. It specifies the security requirements that must be satisfied by a cryptographic module. The FIPS Kong Gateway package is FIPS 140-2 compliant. Compliance means that the software has met all of the rules of FIPS 140-2, but has not been submitted to a NIST testing lab for validation.
Kong Gateway provides a FIPS 140-2 compliant package for Ubuntu 20.04. This package provides compliance for the core Kong Gateway product.
The package uses the OpenSSL FIPS 3.0 module to provide FIPS 140-2 validated cryptographic operations.
Installing the Kong Gateway FIPS compliant Ubuntu package
The FIPS compliant Ubuntu 20.04 and Ubuntu 22.04 packages can be installed using the package distinctively named kong-enterprise-edition-fips. To install the package, follow these instructions:
- Set up the Kong APT repository:
curl -1sLf "/gateway-/gpg..key" | gpg --dearmor >> /usr/share/keyrings/kong-gateway--archive-keyring.gpg
curl -1sLf "/gateway-/config.deb.txt?distro=ubuntu&codename=$(lsb_release -sc)" > /etc/apt/sources.list.d/kong-gateway-.list
- Update the repository:
sudo apt-get update
- Install the Kong Gateway FIPS package:
apt install kong-enterprise-edition-fips
Configure FIPS
To start in FIPS mode, set the following variable to on in the kong.conf configuration file before starting Kong Gateway.
fips = on # fips mode is enabled, causing incompatible ciphers to be disabled
You can also use an environment variable:
export KONG_FIPS=on
Migrating from non-FIPS to FIPS mode and backwards is not supported.
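Because the setting can come from either kong.conf or the environment, it is worth checking which value a node will actually start with. The script below is an added example, not part of Kong's tooling; the function names are hypothetical, and it assumes that KONG_FIPS takes precedence over the file and that an unset value means FIPS mode is off.

```shell
#!/bin/sh
# Added example (not Kong's own tooling): audit the FIPS setting a Kong
# Gateway node would start with. Assumptions: KONG_FIPS overrides kong.conf,
# and an unset value means off.

# Print the last uncommented `fips = <value>` from a kong.conf-style file.
# Prints nothing if the file is unreadable or the key is absent/commented out.
conf_fips() {
  [ -r "$1" ] || return 0
  sed -n -E 's/^[[:space:]]*fips[[:space:]]*=[[:space:]]*([^#[:space:]]*).*$/\1/p' "$1" | tail -n 1
}

# Print "on" only when the effective value is exactly `on` (case-insensitive),
# the value this page documents; anything else is reported as "off".
effective_fips() (
  value="${KONG_FIPS:-$(conf_fips "$1")}"
  value="$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')"
  if [ "$value" = "on" ]; then echo on; else echo off; fi
)

# Exit 0 when FIPS mode is effectively on; exit 1 and explain otherwise.
# Warns when the environment overrides a different value set in the file.
fips_audit() (
  file_value="$(conf_fips "$1")"
  if [ -n "${KONG_FIPS:-}" ] && [ -n "$file_value" ] && [ "$KONG_FIPS" != "$file_value" ]; then
    echo "WARN: KONG_FIPS=$KONG_FIPS overrides fips=$file_value in $1" >&2
  fi
  if [ "$(effective_fips "$1")" = "on" ]; then
    echo "OK: FIPS mode enabled"
  else
    echo "FAIL: FIPS mode not enabled (set fips = on or KONG_FIPS=on)" >&2
    exit 1   # leaves only this function's subshell
  fi
)

# Usage: fips_audit path/to/kong.conf
```

Run it in the same environment (user, service unit, container) that starts Kong Gateway, since an exported KONG_FIPS in one shell says nothing about another.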