Is caddyserver FIPS compliant?

1. Caddy version (caddy version):

Latest version

2. How I run Caddy:

Docker image on windows.

a. System environment:

Windows Server 2019, Docker

b. Command:

Paste command here.

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.

d. My complete Caddyfile or JSON config:

Paste config here, replacing this text.
Use `caddy fmt` to make it readable.
DO NOT REDACT anything except credentials.
LEAVE DOMAIN NAMES INTACT.
Make sure the backticks stay on their own lines.

3. The problem I’m having:

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

I think so? You’ll have to be more specific. There’s different versions of FIPS.

I believe PCI DSS requires some form of FIPS compliance, and Caddy is PCI-DSS compliant:
https://www.immuniweb.com/ssl/caddyserver.com/lI5hzHft/

Okay. Any version of FIPS support is fine for me. Thank you @matt

The certification isn’t about the software itself, rather it’s about the system overall and how you configure the various software/components that make up the system. FIPS seems to allow only a subset of ciphers and algorithms. At first glance, it seems that Caddy’s default config should be compliant out of the box (see list of ciphers on this page: tls (Caddyfile directive) — Caddy Documentation).

2 Likes