FIPS 140-2 Supported Platforms
Vertica 9.3.x and 10.0.x do not support FIPS because of a limitation with OpenSSL. If you need FIPS support, install or upgrade to 10.1.1 or above.
If you install or upgrade from Vertica 9.2.x to Vertica 10.0. on a FIPS-enabled machine, you may encounter the following error: "Upgrading to Vertica 10.0.x-xxxxxxxx on a FIPS system is not supported." To resolve this, you must downgrade to Vertica 9.2.x: uninstall the Vertica RPM on every node in the cluster and then reinstallVertica 9.2.x.
Vertica 9.2.x uses a certified OpenSSL FIPS 140-2 cryptographic module to meet the security standards set by the National Institute of Standards and Technology (NIST) for Federal Agencies in the United States or other countries. Vertica links with OpenSSL 1.0.x to perform cryptographic operations. The minor version might change depending on the Vertica hotfix version and your operating system configuration. When operating in FIPS mode, Vertica relies on Red Hat Enterprise Linux's FIPS configuration to ensure a FIPS-certified version of OpenSSL 1.0 is present in the environment.
Vertica has tested FIPS mode with the following FIPS-compliant operating systems and OpenSSL versions:
- Red Hat Enterprise Linux 6.6 using OpenSSL 1.0.1e
- Red Hat Enterprise Linux 7.8 using OpenSSL 1.0.2k
FIPS-enabled Vertica requires the following:
- A user-generated certificate signed by an approved Certificate Authority
- TLS 1.2 to support the server-client connection for a FIPS-enabled system
Supported Drivers
Vertica supports the following client drivers for FIPS-compliance:
- vsql
- ODBC
- JDBC
FIPS-enablement is not supported in the Management Console.
For more information see Federal Information Processing Standard.