Add "FIPS 140-2" option for HTTPS load balancer TLS security

A common requirement asked by government agencies and vendors is to be FIPS 140-2 compliant or "enforce" FIPS 140-2 compliance. From an NGINX perspective, the response was to suggest enabling FIPS mode on the OS (e.g. OpenSSL) which would disallow NGINX from using insecure cryptographic algorithms.

The idea here would be to have a drop down menu option specifically for FIPS 140-2 compliance so that it becomes a simple check box item instead of having to deal with OS + configuration level details.

This is a "nice to have" when dealing with US Government agencies and vendors.

Priority: Low

  • Matt Kryshak
  • Aug 15 2020
  • Attach files