Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.

Using azure-sdk-for-python for Government security FIPS compliance #24240

Closed iotmani closed 2 years ago

iotmani commented 2 years ago

Hello,

[I was directed by Azure support case 2204280010000006 to open a GitHub issue for this].

I have a question regarding the azure-sdk-for-python, we use the clients in there to fetch millions of metrics per minute from Azure for us as well as on behalf of our customers.

We're in the process of doing an audit for FIPS 140-2 compliance, and want to confirm if the Python SDK Client code makes FIPS compliant connections to Azure (e.g. TLS 1.2+, and if possible which version at a minimum we should be using in order to be FIPS 140-2 compliant).

This might be a question for the Engineering Azure Python SDK team which maintains the open-source repository https://github.com/Azure/azure-sdk-for-python.

Note that only the connection between the SDK Client and Azure endpoints is of interest here, not whether services within Azure are or are not FIPS 140-2 compliant.

Thanks in advance, I.O.

azure-sdk commented 2 years ago

Label prediction was below confidence level 0.6 for Model:ServiceLabels: 'Docs:0.10000186,Azure.Core:0.0611055,Compute:0.053724825'

tjprescott commented 2 years ago

Hi @iotmani that's a great question. @xiangyan99 can you look into this?

xiangyan99 commented 2 years ago

Are you asking if our SDK libraries can work under FIPS mode?

Could you tell us which libraries you are using?

My understanding is that FIPS mode needs to be enabled at the OpenSSL level.

Most libraries should continue to work.

But some of our libraries make OpenSSL part of the package we ship (e.g. uAMQP) hence they will not work under FIPS mode.

iotmani commented 2 years ago

Hello @xiangyan99, Thanks for the response.

Yes I'm wondering whether they'd work in FIPS mode or at the least if TLS >=1.2 is used when it's supported (which looks to be the case as requests picks the best one supported by the management.azure.com server for API calls).

To my knowledge, none of the packages we use come with their own OpenSSL libraries, but please do correct me if I'm wrong:

azure-common
azure-core
azure-identity
azure-mgmt-costmanagement
azure-mgmt-compute
azure-mgmt-monitor
azure-mgmt-network
azure-mgmt-resourcegraph
azure-mgmt-sql
azure-mgmt-storage
azure-mgmt-web
azure-storage-blob
msrestazure

Regards, IO.

xiangyan99 commented 2 years ago

Thank you for the information @iotmani .

You are right. None of the libraries has OpenSSL baked into the package.

They work with TLS >= 1.2. (To clarify, they don't require TLS >= 1.2. If both service and OS support TLS >= 1.2, they will use TLS 1.2 automatically).
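The two points made above, that FIPS mode is a property of the OpenSSL the interpreter links against and that the SDK negotiates TLS 1.2 only when both sides offer it rather than requiring it, are things an auditor will want to verify rather than take on trust. The script below is an added example written for this page; it is not code from azure-sdk-for-python. It uses only the standard library at import time: it detects whether the linked OpenSSL is running in FIPS mode (a FIPS provider refuses non-approved digests, so a plain `hashlib.md5()` raises `ValueError`; this is a heuristic that assumes CPython's OpenSSL-backed hashlib), builds an `ssl.SSLContext` with a TLS 1.2 floor so that a server that only offers TLS 1.0/1.1 is refused instead of silently accepted, and can probe a real endpoint to report the negotiated version. The `azure_transport_with_min_tls` helper, which wires that context into a `requests` session for azure-core's `RequestsTransport` via its `session=` keyword, is optional and returns `None` when those packages are absent; the function and adapter names are mine.

```python
"""Verify the TLS/FIPS posture of the Python runtime that an Azure SDK client runs on.

Added example for this issue thread, not part of azure-sdk-for-python.
Only the standard library is imported at module level, so the module loads
offline; the azure-core / requests wiring is optional and guarded.
"""
import hashlib
import socket
import ssl

# Floor we want every SDK connection to honour. TLS 1.0/1.1 are not acceptable
# for FIPS 140-2 TLS usage, so anything below 1.2 must be refused, not negotiated.
MIN_TLS = ssl.TLSVersion.TLSv1_2


def openssl_fips_mode() -> bool:
    """Heuristic: is the OpenSSL linked into this interpreter running in FIPS mode?

    Under a FIPS provider, hashlib.md5() with the default usedforsecurity=True
    raises ValueError because MD5 is not an approved algorithm (CPython does not
    fall back to its built-in MD5 in that case). Assumption: hashlib is backed by
    OpenSSL, which is the configuration in which FIPS mode is enabled for Python.
    """
    try:
        hashlib.md5(b"fips probe")
    except ValueError:
        return True
    return False


def make_tls12_context() -> ssl.SSLContext:
    """Default (verifying) client context with the protocol floor pinned to TLS 1.2."""
    ctx = ssl.create_default_context()  # CA verification + hostname checking on
    ctx.minimum_version = MIN_TLS       # refuse TLS 1.0 / 1.1 at handshake time
    return ctx


def version_is_acceptable(negotiated: str) -> bool:
    """True when a protocol string as returned by SSLSocket.version() is TLS 1.2 or newer."""
    return negotiated in ("TLSv1.2", "TLSv1.3")


def probe_endpoint(host: str, port: int = 443, timeout: float = 10.0) -> str:
    """Handshake with the pinned context and return the negotiated protocol version.

    This is a live network call and is not executed at import time. If the server
    only offers TLS < 1.2 the handshake raises ssl.SSLError instead of succeeding.
    """
    ctx = make_tls12_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def azure_transport_with_min_tls():
    """Optional: an azure-core RequestsTransport whose session refuses TLS < 1.2.

    Requires requests and azure-core (both pulled in by the SDK clients); returns
    None when they are not installed so this module still imports stand-alone.
    Pass the result to any client as client_cls(..., transport=transport).
    """
    try:
        from requests import Session
        from requests.adapters import HTTPAdapter
        from azure.core.pipeline.transport import RequestsTransport
    except ImportError:
        return None

    ctx = make_tls12_context()

    class MinTlsAdapter(HTTPAdapter):  # hypothetical name chosen for this example
        def init_poolmanager(self, *args, **kwargs):
            kwargs["ssl_context"] = ctx  # urllib3 honours ssl_context for HTTPS pools
            return super().init_poolmanager(*args, **kwargs)

    session = Session()
    session.mount("https://", MinTlsAdapter())
    return RequestsTransport(session=session)


def report() -> dict:
    """Summary an auditor can record: OpenSSL build, FIPS mode, and the TLS floor applied."""
    return {
        "openssl_version": ssl.OPENSSL_VERSION,
        "fips_mode": openssl_fips_mode(),
        "min_tls": make_tls12_context().minimum_version.name,
    }


if __name__ == "__main__":
    print(report())
    try:
        negotiated = probe_endpoint("management.azure.com")
        print("management.azure.com negotiated", negotiated,
              "acceptable" if version_is_acceptable(negotiated) else "NOT acceptable")
    except OSError as exc:  # no network, DNS failure, or handshake refused
        print("probe skipped:", exc)
```

Note the caveat the reply above makes explicit: the SDK itself does not enforce a floor, so without pinning `minimum_version` a downgrade on the path to the endpoint would be accepted by the client. Pinning it in the transport turns "will use TLS 1.2 when available" into "will not connect otherwise", which is the property an audit can actually assert.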

ghost commented 2 years ago

Hi @iotmani. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “/unresolve” to remove the “issue-addressed” label and continue the conversation.

iotmani commented 2 years ago

Excellent, thanks very much!