On 03/14/2017 04:21 PM, Rob Crittenden wrote:
Standa Laznicka wrote:
On 03/14/2017 03:14 PM, Martin Basti wrote:
On 14.03.2017 14:56, Luc de Louw wrote:
My 3 cents...
"Please note that FIPS 140-2 support may not work on some platforms"
-> Does is work in Fedora? Should be worth mention it so people are
more encouraged to test it in Fedora before its getting to RHEL 7.4
Thanks,
Luc
We cannot guarantee that FIPS mode will work with fedora, any package
update may break it.
Fedora itself is not capable of running in FIPS mode so there's no point
adding it there.
I can't believe this is correct. Did you try it and it failed? Did you
file bugs?
Yes, yes and no. Please see the header at this page:
https://fedoraproject.org/wiki/FedoraCryptoConsolidation
We tried to set up Fedora for FIPS in RHEV but the machine would not
even start.
The dracut-fips and dracut-fips-aesni packages are both available.
# cat /etc/redhat-release
Fedora release 25 (Twenty Five)
# sysctl crypto.fips_enabled
crypto.fips_enabled = 0
So the basic stuff is there and the kernel knows what FIPS is.
Any NSS-based application can enable FIPS-mode independently of the
kernel via modutil or application-specific settings (e.g. NSSFIPS in
mod_nss).
rob
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
