[SERVER-2524] FIPS-Enabled Puppet Server Side Created: 2018/02/06  Updated: 2020/02/14

Status: Open
Project: Puppet Server
Component/s: None
Affects Version/s: None
Fix Version/s: SERVER 6.y

Type: Epic Priority: Critical
Reporter: Josh Cooper Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to PUP-7510 FIPS-Enabled Puppet Closed
relates to ENTERPRISE-1249 Puppet Master Installation on FIPS en... Closed
Epic Name: FIPS-Enabled Puppet Server Side
Epic Status: To Do
QA Risk Assessment: Needs Assessment


The problem is that customers using our Puppet and Puppet Enterprise packages cannot meet the FIPS 140-2 requirements because we roll our own OpenSSL and do not link against the OpenSSL provided with RHEL. This causes them to fail "FISMA High" compliance standards.

This epic is the place to gather the stream of work required to remediate this issue, although some implications (such as for puppet-server) will require tickets outside the PUP jira project.

See also PUP-7510 for FIPS-Enabled Puppet Agent

Generated at Tue Jul 14 03:17:08 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.