Public bug reported:

FIPS 140-2 does not permit MD5 except when used for a pseudorandom function (PRF). When openvpn requests an MD5 operation from FIPS-mode-openssl, since it is not allowed in general, fips-mode-openssl goes into an error state.

openvpn needs to set a specific fips-mode-openssl flag to indicate it is using MD5 for PRF, thereby fips-mode-openssl will grant the request instead of entering an error state. In non-fips-openssl the flag has no meaning.

** Affects: openvpn (Ubuntu)
   Importance: Undecided
   Status: New

** Affects: openvpn (Ubuntu Disco)
   Importance: Undecided
   Status: New

** Also affects: openvpn (Ubuntu Disco)
   Importance: Undecided
   Status: New

** Description changed:

  FIPS 140-2 does not permit MD5 except when used for pseudorandom
  function (PRF). When openvpn requests MD5 operation to FIPS-mode-
  openssl, since it is not allowed in general, fips-mode-openssl goes into
  an error state.

- openvpn needs to set a specific fips-mode-openssl flag to indicate to it
- is using MD5 for PRF, thereby fips-mode-openssl will grant the request
- instead of entering an error state.
+ openvpn needs to set a specific fips-mode-openssl flag to indicate it is
+ using MD5 for PRF, thereby fips-mode-openssl will grant the request
+ instead of entering an error state. In non-fips-openssl the flag has no
+ meaning.

--
https://bugs.launchpad.net/bugs/1807439

Title:
  openvpn crashes when run with fips openssl
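Added example, not part of the bug report or of openvpn's code: a sketch of the TLS 1.0/1.1 PRF from RFC 2246 section 5, which XORs an HMAC-MD5 expansion with an HMAC-SHA-1 expansion, to show where MD5 sits when it is used only as a PRF component. It assumes this is the PRF the report refers to; the secret, label and seed are constructed sample values, and `md5_available` is a hypothetical helper name.

```python
import hashlib
import hmac


def p_hash(name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 section 5 P_hash: expand secret and seed with HMAC-<name>."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls1_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)."""
    half = (len(secret) + 1) // 2  # odd-length secrets share the middle byte
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)    # the call a FIPS-mode backend rejects
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def md5_available() -> bool:
    """False when the crypto backend refuses MD5, as OpenSSL in FIPS mode does."""
    try:
        hmac.new(b"k", b"m", "md5").digest()
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs, for illustration only.
    secret = bytes(range(48))
    seed = hashlib.sha256(b"constructed client and server randoms").digest()
    if md5_available():
        print(tls1_prf(secret, b"constructed label", seed, 32).hex())
    else:
        print("backend rejects MD5: the PRF cannot be computed without an exemption")
```
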