In case you hadn’t seen this:
https://www.cdt.org/blogs/joseph-lorenzo-hall/2409-nist-sha-3
Paul
_
Paul A. Suhler, PhD | Firmware Engineer | Quantum Corporation | Office:
949.856.7748 | paul.suh..
Hi,
I've run into this error too, but is seen intermittently in my case during
regression when there is a lot of traffic, meaning a lot of invocations to
OpenSSL's DRBG.
What could be the possible causes of the continuous RNG test to fail for the
default DRBG in FIPS-mode?
My first guess was low
Someone pointed out to me the included patch was accidentally reversed. Use
patch with -R or see the attachment for the correct patch.
fix_single_ciphers.patch
Description: Binary data
signature.asc
Description: PGP signature
When using `openssl ciphers`, permanently disabling all ciphers one by one
makes the last cipher impossible to disable:
$ openssl ciphers
'ALL:COMPLEMENTOFALL:!ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-ECDSA-AES256-GCM-SHA384:!ECDHE-RSA-AES256-SHA384:!ECDHE-ECDSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA:!EC
