Hi everyone,
I tried to enable FIPS mode with GnuTLS 3.8.9 and failed to get it started.
My compiler flags are the default compiler flags for Debian, since I use the
Debian packages for Trixie as a sample build process.
All I do is add the parameter:
--enable-fips140-mode
The package build is going well, and I receive a package. However, after the
installation of the package, I get the following error message:
gnutls-cli github.com -p443
Error in GnuTLS initialization: Error while performing self checks.
global_init: Error while performing self checks
By setting GNUTLS_NO_IMPLICIT_INIT the global_init error message goes away.
When I check for the FIPS mode, gnutls-cli reports that this is working.
export GNUTLS_NO_IMPLICIT_INIT=1; gnutls-cli --fips140-mode
library is in FIPS140-2 mode
gnutls-cli github.com -p443
|<1>| FIPS140-2 self testing part 2 failed
Reading through the documentation, I noticed that there is a statement
regarding the self-test that it's possible to provide a --with-fips140-key
for the self-test. Does this key have to be of a special length, since it
should be an HMAC key, correct?
I'm just not sure if that's going to help here. Does anyone have a suggestion?
My workaround as of now is to set GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1
PS: My kernel was booted in FIPS mode, and OpenSSL is also in FIPS mode.
Best regards,
akendo
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help