FIPS 140-2 Compliance in Kong Gateway

The Federal Information Processing Standard (FIPS) 140-2 is a federal standard defined by the National Institute of Standards and Technology. It specifies the security requirements that must be satisfied by a cryptographic module. The FIPS Kong Gateway package is FIPS 140-2 compliant. Compliance means that Kong Gateway only uses FIPS 140-2 approved algorithms while running in FIPS mode, but the product has not been submitted to a NIST testing lab for validation.

Kong Gateway Enterprise provides a FIPS 140-2 compliant package for Ubuntu 20.04v3.1+, Ubuntu 22.04, Red Hat Enterprise 9v3.4+, and Red Hat Enterprise 8v3.1+. This package provides compliance for the core Kong Gateway product and all out of the box plugins. For more information, see the Kong Gateway install page.

The package uses the OpenSSL FIPS 3.0 module OpenSSL to provide FIPS 140-2 validated cryptographic operations.

Note: In Kong Gateway 3.9.x or earlier, FIPS is not supported when running Kong Gateway Enterprise in free mode.

To start in FIPS mode, set the following configuration property to on in the kong.conf configuration file before starting Kong Gateway:

fips = on # fips mode is enabled, causing incompatible ciphers to be disabled

You can also set this configuration using an environment variable:

export KONG_FIPS=on

Migrating from non-FIPS to FIPS mode and backwards is not supported.

The following table describes how Kong Gateway uses key derivation functions:

[1]: As of Kong Gateway FIPS 3.0, RBAC uses PBKDF2 as password hashing algorithm.

[2]: As of Kong Gateway FIPS 3.1, the oauth2 plugin disables the hash_secret feature, so you can’t turn it on. This means password will be stored plaintext in the database; however, you can choose to use secrets management or database encryption instead.

[3]: As of Kong Gateway FIPS 3.1, key-auth-enc uses SHA1 to speed up lookup of a key in DB. As of Kong Gateway FIPS 3.2, SHA1 support is “read-only”, meaning existing credentials in DB are still validated, but any new credentials will be hashed in SHA256.

Important: If you are migrating from Kong Gateway 3.1 to 3.2 in FIPS mode and are using the key-auth-enc plugin, you should send PATCH or POST requests to all existing key-auth-enc credentials to re-hash them in SHA256.

FIPS only defines the approved algorithms to use for each specific purpose, so FIPS policy doesn’t explicitly restrict the usage of cryptographic algorithms to only cases where they are necessary.

For example, using SHA-256 as the message digest algorithm is approved, while MD5 is not. However, that doesn’t mean MD5 must be completely absent from the application. For instance, the FIPS 140-2–approved version of BoringSSL permits MD5 when used with TLS protocol versions 1.0 and 1.1.

The following table explains where cryptographic algorithms are used for non-cryptographic purposes in Kong Gateway:

FIPS 140-2 only mentioned SSL server, which is already supported in Kong Gateway FIPS 3.0. FIPS specification isn’t designated for SSL clients, so there isn’t specific handling of these in Kong Gateway.

This includes:

• Using Lua to talk in HTTPS and PostgreSQL SSL
• Using an upstream that proxies in HTTPS