►
From YouTube: Istio Security Working Group Meeting 2019-06-12
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
So
today
we
have
three
items:
the
first
one.
We
just
made
a
new
release
last
week
on
1.0
and
1,001
tracks
to
fix
several
security
issues.
One
of
them
is
this.
What
I'm
saying
here
listing
here
some
signed
releases
wicked
transition,
the
other
one
is
to
fix.
Like
multipole,
we
are
running
multiple
Citadel's
in
the
system
they
money
they
may
use.
They
may
happen
to
use
different
routes.
That
problem.
A
A
First,
one
is
turning
the
East
yourself
son
routes,
the
wicked
lifetime.
Previously
we
had
told
our
customers
to
use
Citadel
in
two
modes
right.
The
first
mode
is
self
using
the
self
signed
certificate,
which
is
generally,
we
recommend
them
to
use
for
testing
and
at
that
hander
self-signed
certificates
have
one
year
in
fault
lifetime.
A
You
can
configure
that,
but
most
users
don't
know
how
to
configure
it,
and
also
it
didn't
do
a
good
job
on
exposing
them
to
health
parameters.
So
this
ends
up.
Some
of
our
customers
are
using
the
default
one,
their
self
signed
with
the
one
year
experiment
and
whenever
you
start
use,
you
steal
that
certificate
is
created
and
it's
written
into
the
system
is
written
into
their
secret,
which
is
called
CIA
secret
in
Easter
system
namespace,
and
when
I
will
do
an
upgrade.
A
Gasps
secret
doesn't
change
because
you're,
because
if
you
are
changing
that
secret,
if
you're
changing
the
route,
your
workloads
will
not
be
able
to
talk
to
each
other.
So
this
one
will
inspire
in
my
ear.
So
that
means,
if
you
installed
you
still
at
very
first
time
like
my
year
ago.
Basically,
at
this,
and
now
it
will
inspire
some
wow,
our
customer
reached
out
to
us
to
see
to
say.
A
Oh
my
UTC
Spartan,
we
realized
this
is
of
the
issue,
and
then
we
made
this
change
made
this
basically
a
script
for
the
users
to
do
their
route
transition
and
made
their
announcement
last
week
the
new
transition
in
basically
the
idea
is,
we
don't
change
their
private
key
of
the
route,
but
we
generate
a
new
certificate.
Based
on
that
key.
The
solution
has
the
same
identity,
which
is
in
here
it's
the
organization
which
is,
or
whatever
you
sat
in
your
previous
route.
It
might
be
default,
one
clustered
of
local
or
your
own
trust
on
menu.
A
We
give
you
a
script
here
this
script.
You
can
use
that
to
test
your
current
system,
route,
calendar
or
use
difficut
how
long
the
rusa
Tikas
will
have
before
it
expires.
If
it's
going
to
the
expire
very
quickly,
I
we
highly
suggest
that
you
follow
this.
The
steps
in
here
to
do
a
real
transition
first
system.
It
won't
bring
any
downtime
to
your
clusters,
but
it
is
it
make
hearts
your
envoy
to
Hoth
restart
this
hot
restart
does
not
impact
their
short-lived
connections.
A
A
A
Execute
the
route
transition
is
fairly
simple.
Use
this
command
the
transition
command.
Do
remember
your
transition
command
for
the
wrongly
wants.
It
doesn't
make
sense
for
you
to
write
multiple
times,
because
that
way
all
bring
more.
That
means
you
are
notate,
basically
rotate
your
route
from
multiple
times,
so
what
this
route
transition
does
is,
as
I
described,
it
will
download
their
current
route
certificate
and
key
and
then
based
on
their
current
route
key.
A
It
will
generate
a
new
certificate
with
a
pin
year,
Experion
and
then,
after
that,
it
will
put
this
new
secret
into
the
system,
overwrite
the
old
one,
and
then
it
will
restart
Sileo
to
pick
up
the
new
route.
After
that,
Celia
will
propagate
their
new
routes
to
every
workload
we
say
during
the
transition
period.
A
There's
no
downtime,
because
as
long
as
you
are
all
certificate,
it's
still
working,
your
workloads
that
are
using
the
old
certificates
are
still
able
to
talk
to
their
workloads
using
the
new
certificates,
because
my
basically
checks
the
certificate
is
valid
based
on
their
public
key
class
identity,
so
that
neither
of
the
those
two
are
changed
during
their
rule
transition.
So
that
should
be
all
good
and.
A
After
that
is
number
three
verify
the
new
certificate,
our
workload
significance
are
generated.
We
can
do
their
verify
this
command.
You
can
do
it
for
many
times.
That's
fine!
It's
just
a
querying
other
secrets
in
the
system
and
see
if
they
are,
if
they
match
the
current
route
of
the
system.
If
they
match
this
one
will
say
is
updated.
A
A
A
This
step
is
a
necessary
because,
on
this
step
beyond
restarts,
third,
we
really
probably
there-
and
hopefully
it
will
restart
and
hope
that
some
control
plant
does
rican
troponin
components
they
may
not.
They
may
not
pick
up
their
new
certificate.
Timely
those
components
are
the
pilot
they're,
the
galley
and
that
hijacker.
So,
if
you
don't
do
this
step,
you
probably
want
to
restart
them
manually,
and
since
this
that
also
installs,
the
new
version
of
Steel
we
Holly
to
get
rid
of
the
gather
back
that
way.
A
I
talked
about
we're
highly
intuitive
I
would
highly
recommend
you
to
do
this
after
this
one.
It's
number
five
verify
the
new
workflow
certificates
are
loaded
by
amway.
If
you
are
seeing,
if
you
want
to
check
for
some
workloads,
if
that
employee
is
loading,
the
new
certificate,
you
can
run
this
command.
This
command
is
running
against
a
single
Envoy
instance.
So
I
think
it
will
be
helpful
for
you
to
maybe
do
some
debugging
or
something.
B
A
C
A
Actually
you
can,
but
we
didn't
publish
there.
You
will
need
to
follow
a
more
complicated
steps.
Basically,
you
need
to
generate
another
route
manually
and
then
for
that,
as
a
plugin
with
their
current
route,
both
tools
are
used
in
a
system
and
as
their
body
inserts
say,
they
are
well
promulgate
that
to
every
annoyed-
and
you
make
sure
every
envoy
is
picking
it
up.
Okay
and
then
you
do
the
transition.
Okay
got
it
yeah
it's
more
manual
and
they
submit
good
error-prone.
So
we
don't
recommend
it.
How
do
you
think
wait?
Okay,.
A
D
A
related
area,
what
are
the
things
that
we're
going
to
be
looking
at
soon
is
actually
making
certificates
or
citadel
support,
hierarchical
certificates,
but
also
relocation,
and
so
we
want
to
add
in
so.
This
is
more
for
kind
of
federated
workflows.
Really.
We
want
different
installations
to
have
separate
routes.
We
don't
want
to
share
the
routes
across
different
different
installations,
but
we
obviously
wanted
to
verify
against
each
other,
so
instead
the
need
for
hierarchical.
But
what
are
the
protections
against
that
is?
D
A
Cool
please
reach
out
to
us
and
we
can
do
some
planning
based
on
that.
We
have
previously
yeah.
We
previously
had
a
hierarchical
design
under
ZL,
and
actually
we
had
some
prototype
as
well,
but
we
didn't.
We
didn't
actually
make
that
mature
enough
for
users
to
use,
but
we
we
can.
If
you
have
requirements,
if
we
grab
the
requirements
from
customers,
we
can
proceed
on
that
track.
Yeah
that.
A
E
Yes,
that's
a
good
senior
guys
nice
media,
guys
again
and
I.
Think
I
got
paint
a
theme
here,
so
the
thing-
and
they
have
a
one
of
my
hair
she's-
been
wanting
us
to
this
issue,
and
what
we
try
to
get
out
of
this
is
that:
how
does
how
do
we
make
this
work
for
the
world
inside
mess
and
outside
mess,
and
the
fundamental
principle
way
we're
talking
about
is
like
hey?
How
can
we
on
board-
and
you
start
using
you-
steer
with
zero
code
change
to
an
existing
application?
F
G
Not
exactly
so
I
mean
use
case,
it
comes
with
permit
remove,
because,
when
we're
transitioning
from
apps
that
don't
have
MPLS
turned
on
to
apps
that
are
gonna
turn
it
on.
Then
we
want
a
clear
migration
path
so
and
when
we
switch
permissive
mood,
so
we
have
two
types
of
clients.
We
have
clients
that
are
also
there
are
part
of
the
mesh
and
that
are
talking
to
a
service
within
the
mesh,
and
in
this
case
both
the
client
and
server
have
a
nice
to
your
proxy
with
it.
G
And
then
we
also
have
clients
which
are
outside
the
mesh,
which
don't
have
an
issue
of
proxy,
but
they
are
also
talking
to
the
same
service
within
the
mesh
which
has
a
history
of
proxy.
So
with
the
new
with
the
permissive
mode.
What
we
saw
is
that
there
is
a
filter
chain
that
is
added,
which
requires
application
protocols
to
be
set
to
sto
for
any
client
to
communicate
with
that
server.
G
F
G
I'm
of
the
PR
that
I
saw
I
think
the
reasoning
behind
it
was
so,
if
you
scroll
to
the
bottom
I
just
mentioned
little
bit
so
previously
in
1:06,
we
saw
that
the
filter
chain
match
criteria
and
was
transport
protocol.
So
initially,
basically
everything
would
come
as
transport
protocol
TLS,
but
there
was
a
choir
meant
to
distinguish
between
a
client
that
is
doing
an
external
client
that
is
only
doing
TLS
and
not
doing
MPLS
did
that
client
to
do
TLS
and
half
the
termination
happen
on
the
app
itself
rather
than
on
this
chip
Roxie.
G
C
E
C
You,
okay,
so
I
mean
I,
think
that
we
are
still
gonna
end
up
with
some
customers
having
a
requirement
to
terminate
TLS
on
the
app
again
kind
of
for
for
very
similar
reasons
to
what
you're
talking
about
like
they
don't
want
to
make
ko
changes
to
their
app.
Their
app
is
expecting
TLS.
They
can't
really
touch
it.
So
we
we
do
need
to
still
support
the
use
case
to
allow
people
to
configure
the
proxy
to
pass
that
that
TLS
session
through
I.
C
Don't
think
that
that
necessarily
means
that
that
we
have
to
use
this
al
pn
method
to
do
that,
because
if,
if
the
proxy
knew
well
I'm
terminating
this
session
versus
like
being
configured
to
pass
the
session
through,
it
wouldn't
have
to
look
at
the
AL
PN
to
kind
of
know
dynamically,
whether
it
should
be
terminating
it
or
not,
yeah,
so
so,
yeah,
basically
like
I,
think
it.
We
could
probably
make
this
work,
but
we
do
need
to
maintain
the
ability
to
pass
that
through
the
terminate
TLS
on
the
application.
Yeah.
A
B
C
But,
but
we
don't
I,
don't
think
there
are
any
use
cases
that
I'm
aware
of
that
require
us
to
make
that
decision
at
connection
time
on
a
per
connection
basis.
I
think
that
that
in
general,
okay,
what
we're
hearing
is
is
an
application
either
is
expecting
to
see
TLS
or
is
expecting
to
see
plaintext
and
it's
sort
of
always
expecting
to
see
one
or
the
other
I
think.
F
One
of
the
reasons
we
had
that
is,
it
just
makes
sure
that
is
not
interfere
with
the
Gateway
policy.
If
that
happens,
someone
settings
have
to
get
a
gateway
on
a
proxy
and
have
the
different
TOS
setting
is
may
interfere
that
traffic
right
you
mean
the
ingress
gateway,
Wow
gateway
can
be
anything
not
just
impress
right
beyond
proxy.
A
E
H
E
F
D
Yeah
so
I
believe
the
help
in
stuff
is
partly
there
to
support
the
permissive
mode.
So
there
are
some
in
the
old
boy
code,
basically
extensions
to
on
boy.
There
are
some
weird
things
where
they
try
and
look
ahead
on
the
protocol
and
try
and
work
out
whether
you
go
TLS
or
non
TLS
traffic
and
I
think
LPL
p.m.
as
part
of
that.
Yes,.
J
Let's
say
so:
the
permissive
mode
used
to
work
under
using
different
criteria,
not
the
ARPA
instead
using
that
yes
protocol,
better
matching
seeking
the
protocol
and
the
weather
is
chaos
of
plaintext
I
use.
That
would
decide
the
better,
which
fear
the
change
of
use
and
we
change
through
the
air,
P
and
reason,
because
there
is
a
bug.
J
I
can
cause
that
in
the
in
the
dog,
basically
say
what
we
really
want
for
the
permissive
mode
is
that
you
make
the
server
able
to
tell
whether
its
client
side
has
estilo
psycho
or
not,
not,
and
and
they
usually
ARP
and
configure
the
client
side
to
send
the
European
protocol
to
the
server.
So
this
can
distinguish
since,
like
client
side
instead
need
a
HTTP
traffic,
but
that
is
terminating
the
client
application
and
we
wouldn't
mess
up
with
that
kind
of
case.
Yeah.
E
E
Yes
and
that's
a
very
valid
use
case,
we
can
have
that
flag,
but
the
use
case
could
be
like
there
are
trying
who
don't
use
a
sidecar
and
they're
not
miss
a
service,
it's
within
the
mesh
and
they
were
able
to
communicate
to
the
proxy
the
service.
It's
it's
within
the
mesh.
That's
a
use
case.
It's
is
broken.
Wait.
J
C
J
J
Why
do
we
care
these
two?
Because
how
do
you
handle
the
case
of
the
client
side?
They
already
the
application
already
using
them
cures
before
using
SQL
versus
that
application
does
not
use
anchors
plaintext,
but
now
the
clients
either
employ
is
now
trying
to
set
up
many
chaos.
You
cannot
distinguish
these
two
cases
yeah
and
that's
cause.
C
C
J
Says
a
penny
in
Kenya
behavior
and
that
is
supported
by
the
ARP
n,
because
if
the
application
are
using
and
guess
before
before
in
adopting
these
deal
there,
there
won't
be
a
RK
n
equals
to
e
Co
and
they're.
My
fear
chain
match.
We
evolved
the
field
to
draw
eyes
forwarded
to
the
application
behind
the
Instagram
boy
and.
J
E
A
A
J
J
F
J
F
F
J
J
E
E
A
E
A
C
K
J
C
C
What
what
they
want
to
happen
is
not
sort
of
like
TLS
inside
TLS
they
want.
They
want
a
client
to
just
just.
The
client
will
send
plain
text
to
to
that.
Their
proxy.
Their
proxy
will
do
sto
mutual
TLS
to
the
server
proxy,
and
then
they
want
the
server
proxy
to
terminate
that
that
mutual
TLS,
but
then
still
send
normal
TLS
to
to
the
background,
because
they
can
except.
E
E
E
C
J
Then
I
seem
to
please
are
the
questions
like
what
what
are
the
real
use
case?
We
are
trying
to
organize
and
make
the
zero
configuration
or
right
there's
two
kind
of
use
case
lights,
whatever
you
have
to
kiss
Catherine
right
now
and
the
other
is
a
application,
terminated,
HTTP
or
MTS
rabbit
and
which
one
we
need
to
prioritize,
how
to
optimize
the
user
experience
against
begins
in
zero
configuration
I.
F
J
C
I
see
I,
don't
think
we
have
to
break
the
this.
Do
alt
n
case
in
order
to
make
this
work.
Basically
because
cuz,
that's
unambiguous,
if
you
get
a
plain
text
connection,
that's
also
unambiguous.
It's
this
thing
in
the
middle,
where
you
get
a
TLS
connection
that
doesn't
have
this.
Do
LPN
has
the
normal
agent.
Yes,
a
at
the
end
that
that
there
are
two
different
things
that
we
want
to
do
with
it
different
use
cases
so
I
think
we
can.
C
F
G
J
J
Know
whether
it
be
possible
to
keep
terminal
on
the
cares,
contacts
of
the
theater
chains
and
fall
in
committed
I
mean
that
mean
rejected.
It's
not
even
go
to
back
end
depends
depends
on
unlikable,
sir.
It
depends
on
whether
it's
a
disease
as
the
listener
is
a
future
chain
match
consistent
entry
based
on
the
mean,
isn't
a
provider,
the
selector
feeder
chain,
and
then
in
fourth,
goes
through
the
action
items
on
that
theater
chain
and
the
filter
chamber.
So
head
secures
from
the
context.
If
that
is
their
neo,
then
in
the
pass
through.
J
F
F
F
2
doesn't
matter
what
I
saw
when
that
mode
is
accepted,
like
if
you
say
the
reason
we
have
the
ARP
n2e
steel
so
that
we
know
how
to
terminate
it
M
going
or
less.
The
traffic
goes
through
here
with
a
that
back-end.
Yes,
so
when's
our
when
the
traffic
can
go
to
back-end
I
mean
who
adding
that
is
2
per
se.
So
if.
G
G
G
F
Sorry
I
mean
like
so
it
goes
back
to
square
two
things
similar
to
the
things
that
you
don't
have
a
happy
happy
ending
registration
at
all
that
meeting
over
to
minute,
TOS
and
boy
right
and
when
he
was
a
really
ones.
Do
s
not
terminated
avoid
bus
route
to
back
end
okay,
they
already
have
to
set
something
for
that
right.
No
and
you
don't
know
whether
is
h2
or
whatever
it's
coming.
Actually,
no,
but
like
how's
application
doesn't
talk
to
want
to
talk
to.
H
J
F
J
L
A
F
J
G
That
we
hit
is
that
when
you
turn
when
you
set
that
ALP
and
protocol
as
it's
you,
those
that
that
setting
is
only
added
when
the
mood
is
it's
your
mutual.
So
in
the
cluster
context
for
the
sidecar
proxies
to
pass
application
protocol
assist
you.
That
only
happens
if
your
mode
in
the
destination
rule
is
it's
your
mutual?
If
you
back.
G
We
use
mutual
because
the
only
difference
we
have
is
that
we
have
our
custom
CA
and
so
in
order
to
use
our
customs
here,
we
used
a
mode
called
mutual,
but
when
we
use
a
more
calm
util,
our
sidecar
proxies
when
you're
communicating
with
a
server
that
is
on
permissive.
They
are
not
passing
that
application
for
a
college
to
you,
even
though
it's
all
within
the
mesh.
L
G
A
Sorry
to
interrupt
sure,
Kevin
follow
up
offline
about
this
yeah.
We
have
one
more
topic
here
and
okay:
linson
is
just
joining
us
and
we
have
like
10
minutes,
Oh
who's.
J
E
Can
be
if
any
change
I
can
reach
out
to
you
guys
to
schedule
a
follow-up?
Yes,
yes,
okay,
how
can
you
update
it
to
somewhere
in
the
in
the
same
document?
Maybe-
and
you
test
I-
think
I
just
got
a
set
to
do
background.
It's
already
incident
working
and
names,
awkward
that
we
can
proceed
further
on
this
Roger.
Okay,.
G
J
G
A
H
G
H
Do
want
to
discuss
this
topic
really
quickly,
so
FIPS
140-2
140
2
encryption.
So
we
opened
this
issue
a
while
back
and
I've
been
doing
a
little
bit
study
on
this.
So
just
a
little
bit
background
information
I
think
in
order
for
for
sto
to
be
used
in
any
of
the
federal
projects.
That's
when
the
FIPS
140
2
encryption
is
a
requirement
to
use
Iying
any
of
the
federal
projects.
That's
when
this
comes
in.
So
there
are
people
who
are
actually
looking
at.
H
Maybe
it
still
is
supposed
to
provide
secure
communication
at
the
edge
and
also
within
the
mesh.
So
maybe
it
still
could
be
an
interesting
user
case
to
help
to
solve
that
problem.
So
I,
look
at
a
little
bit
into
that.
So
envoy
has
support
for
boring
SSL,
which
also
have
option
where
you
can
enable
Phipps
compliance
for
level
1.
So
this
actually
for
level
security.
Compliance
with
this
particular
FIPS
140.
H
So
the
only
thing
are
we
can
provide
if
level
one
security,
mainly
because
it's
software
level,
software
level
security,
if
anything
beyond
that
security
level,
why
it
needs
to
be
hardware
level.
So
so
that's
number
one
is
I
think
we
have
to
youth
engage.
How
do
we
actually
build?
Oh
yeah
also
its
to
proxy
within
a
repo
to
enable
this
particular
build
flag
to
say
the
boring
SSL
is
our
fifth
mode
and
I
think.
H
Secondly,
it's
also
needs
to
look
at
whether
the
Envoy
shipped
within
is
still
the
base
OS
images,
whether
it
has
also
the
flip
side
and
also
I,
also
find
out
when
you
use
envoy
to
build
into
this
particular
mode
with
boring,
SSL
clips.
It
doesn't
mean
it's
actually
enforce
to
use
that
particular
algorithm
and
wrong
times.
I
think
there's
some
flex
you
have
to
you
can
make
the
psychic
configuration
to
push
that
mode
so
that
this
additional
work
that
needs
to
be
done
on
that
side
also
I
also
find
out.
H
We
have
to
ensure
the
private
keys
are
generated
by
a
module
operating
in
Thebes,
approved
them
orders.
So
I
dig
around
a
little
bit
code
on
that
I
think
in
our
security
package
we
have
ways
to
generate
the
private
keys
and
we're
using
crypto
I,
say
module
to
generate
private
keys.
So
it's
not
clear.
I
haven't
done
my
research,
whether
that's
Phipps
approved,
so
that's
it
does
anybody
know
that
does.
C
D
Needs
to
be
certified
so
the
other
way
you
can
do
this,
so
we've
done
something
similar
with
the
Red
Hat
very-very,
because
we
have
a
version
of
one
by
which
users
on
open
SSL
instead
of
boring,
SSL
yeah,
but
we
so
there's
a
kind
of
sandbox
where
that
goes
for
open
SSL
and
we
have
specific
go
tooling,
which
redirects
the
crypto
stuff
the
go
crypto
to
the
open,
SSL
sandbox.
So
you
also
have
to
do
that
as
well.
It's
not
just
yes,
a.
C
A
I
H
I'm
also
yeah
I'm,
also
asking
somebody
who
knows
more
on
this
topic
from
ID&T
also
kind
of
proof.
It
is
but
yeah.
My
understanding
is
more
on
the
algorithm.
They
want
make
sure
you're
using
your
approved
module
and
algorithm
to
you
when
you
communicate
so
that's
keys
and
also
when,
when
you
send
a
TLS,
traffic's
I.
D
M
C
D
H
G
H
I
C
M
D
D
There
are
four
components
that
talk
to
kubernetes
I
know
this,
because
I
just
I've
just
done
the
work
with
us
for
all
the
soft
multi-tenancy
stuff.
So
mixer
has
a
component
which
does
it
there's
a
plug
in
there
which
cover
medicine
I,
think
it
is
set
it
al
gali
pilot
those
are
the
four
the
top
two
kubernetes
so
there's
at
least
four
there
that
are
talking
to
the
api
server
right.
D
C
D
H
The
main
thing
is:
if
we
ever
want
its
do
to
be
a
product
to
any
of
our
federal
projects,
this
would
be
required
right.
So,
regardless,
whether
the
underlying
cuba
nati
supports
this
or
not
like
kevin,
would
say
so.
If
this,
if
it's
your
project
itself
ever
needs
to
be
used
in
any
of
the
federal
projects,
it
needs
to
pass
this
test
and.
J
D
B
H
C
D
D
Don't
for
whom
we
have
tooling
going
so
when
it
gets
compiled.
All
that
good
swapped
out
for
open,
SSL
or
integrated
open
SSL
in
that
we're
actually
replacing
the
crypto
libraries
themselves
with
ones
which
defer
to
an
open,
SSL,
shared
library.
And
then
that
is
the
sandbox.
Where
all
the
cryptographic
functions
happen
and
is
that
open
source.
H
E
H
D
D
It
was
done
specifically
for
because
we
have
a
lot
of
components,
especially
on
the
open
shift
side
that
are
written
and
go
so
the
the
simplest
way
for
actually
handling
that,
especially
when
we're
consuming
upstream
kubernetes,
you
know
even
upstream
is
do
is-
was
to
handle
it
at
that
level.
So
the
go
tooling
approach
was
what
they
chose
to
do
so
now
we
can
guarantee
that
that
all
gets
swapped
out
for
a
compilation,
time
for
a
link
to
the
OpenSSL
libraries,
which
are.
H
D
Well,
it
does
yeah
just
not
officially
so
so.
We've
been
working
with
you,
the
own
boy
community
for
probably
a
year
near
near
enough
to
try
and
get
support
into
that,
so
that
we
reached
an
agreement
with
them.
So
I
think
it
was
asked
on
when
we
actually
met
face
to
face
with
Matt
and
people
like
that,
and
the
way
it
works
is
that
the
the
upstream
community
version
itself
is
only
boring
SSL.
D
However,
we
refactored
a
lot
of
the
code
base
so
that
the
boring
SSL
components
were
largely
in
the
extensions
and
we
have
a
build
process
which
is
on
github.
Anybody
can
go
in
and
take
a
look
at
it
and
it
replaces
the
boring
SSL
parts
for
open
SSL
equivalents.
So
everything
is
now
open,
SSL.
We
we
make
sure,
but
as
part
of
the
build
that
there
is
no
boring
SSL
component
and
there
at
all,
okay.
C
H
C
C
D
It's
not
required
so
that
would
the
way
that
it
works
is
when,
if
you
run
it
so
so
you
actually
set
it
up
on
the
system
the
whole
system,
if
this
horses
running
in
fips-compliant
mode,
then
it
will
automatically
use
the
Pips
kimura
stricted
to
the
fips-compliant
cryptographic
functions.
So
it
depends
on
how
the
host
is
configured
really,
but
it
automatically
switches
between
the
two,
that's
part
of
the
sandbox
stuff.
D
H
Ok,
ok,
that's
cool,
so
so
Kevin.
If
I
heard
it
correctly,
if,
if
folks,
using
our
way
with
open
SSL
and
you
have
an
open-source
project
out
there
and
then
if
they
build
mixer,
Citadel
gallery
and
pilot,
you
mean
the
right
way.
You
swap
with
the
right
fifth
compliant
libraries,
there's
no
actual
eco
changes
required
to
pilot
and
then
potentially
we
could
get
sto
itself,
not
counting
the
dependency
project
like
API
server,
to
be
fips-compliant,
using
open,
SSL
and
potentially
other
fips-compliant
libraries.