https://github.com/arhea/fips-endpoint-probe

CLI tool to probe an endpoint for FIPS 140-2 support
https://github.com/arhea/fips-endpoint-probe

Last synced: 9 months ago
JSON representation

CLI tool to probe an endpoint for FIPS 140-2 support

Host: GitHub
URL: https://github.com/arhea/fips-endpoint-probe
Owner: arhea
License: mit
Created: 2020-06-02T17:59:16.000Z (about 6 years ago)
Default Branch: master
Last Pushed: 2020-06-08T22:19:26.000Z (about 6 years ago)
Last Synced: 2025-03-11T08:50:13.598Z (over 1 year ago)
Language: Shell
Size: 17.6 KB
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# FIPS 140-2 Endpoint Test

This simple CLI tool checks a provided endpoint against NIST and FedRAMP approved ciphers that are supported by OpenSSL. I recommend the following items to achieve FIPS 140-2 compliant endpoints:

- Use TLS 1.2 or greater. TLS 1.0 and TLS 1.1 are deprecated by NIST and set to be unapproved in 2023.
- Do not use SSLv2 or SSLv3
- Do not use weak or null ciphers
- The operating system should be in FIPS 140-2 mode, running a FIPS 140-2 validated version (`1.0.2k-fips`) of OpenSSL

To view the list of approved ciphers, run the following command:

```bash
./testfips.sh list-approved
```

To view the list of deprecated ciphers, run the following command:

```bash
./testfips.sh list-approved
```

## Usage

*Note: This script requires Bash>=4.0. We recommend installing a newer version of Bash via Homebrew or your local package manager.*

```bash
# clone the repository
git clone --recurse-submodules https://github.com/arhea/fips-endpoint-probe/

# change into the repository folder
cd fips-endpoint-probe

# run a command
./testfips.sh help
```

**Example:**
```bash
./testfips.sh run s3-fips.us-gov-west-1.amazonaws.com
```

## What is FIPS 140-2?

The Federal Information Processing Standard Publication 140-2, FIPS PUB 140-2, is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001 and was last updated December 3, 2002.

For more information, visit the [FIPS 140-2 Wikipedia Page](https://en.wikipedia.org/wiki/FIPS_140-2).

## License

This library is licensed under the MIT-0 License. See the [LICENSE file](./LICENSE).

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/arhea/fips-endpoint-probe

Awesome Lists containing this project

README