amazonlinux / amazon-linux-2023

Amazon Linux 2023
https://aws.amazon.com/linux/amazon-linux-2023/

[Package Request] - Envoy Proxy in BoringSSL FIPS mode #666

Open mvhowardAWS opened 3 months ago

mvhowardAWS commented 3 months ago

What package is missing from Amazon Linux 2023? Please describe and include package name.
Envoy Proxy. Specifically, offer a package version that is built in FIPS mode. Guidance on how to build using FIPS is here.

Is this an update to existing package or new package request?
New package request

Is this package available in Amazon Linux 2? If it is available via external sources such as EPEL, please specify.
No

Any additional information you'd like to include. (use-cases, etc)
Envoy is a service proxy used to facilitate communications between microservices. Currently, Envoy does not offer formal packages and it has to be built from source as instructed here. Instead of building, it would be preferred that this is a native package within the Amazon Linux 2023 repo.

stewartsmith commented 2 months ago

BoringSSL is very unlikely to be added anywhere in Amazon Linux.

We aim to reduce the number of cryptographic libraries that are required, not increase that number.

mvhowardAWS commented 2 months ago

The ask is a packaged, FIPS-compliant version of Envoy Proxy. Envoy uses BoringSSL today, so that's how it can be built and enabled for FIPS. However, the AWS App Mesh team built a binary using AWS-LC in FIPS mode per this comment. Perhaps the native package can be built from that?

stewartsmith commented 2 months ago

aws-lc has issues with being packaged for distros at the present time, so also isn't suitable.