On Thu, Oct 26, 2023 at 02:27:56PM -0400, Ken Hornstein wrote: > Ever hear the political adage, "If you're explaining yourself, you're > losing"?. The same adage applies when talking to security people, > especially the non-technical ones. The common gss-keyex code out there > calls the OpenSSL MD5 function at runtime, and some of the distributions > that do ship the gss-keyex code (RedHat) decided to simply disable > gss-keyex code when FIPS is turned on. So yes, you CAN hardcode the > OID->name mappings, but it seems that nobody actually does that.
We accept PRs. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos