[Freeipa-devel] [DRAFT] Release notes FreeIPA 4.5.0

Rob Crittenden rcritten at redhat.com
Tue Mar 14 15:21:20 UTC 2017


Standa Laznicka wrote:
> On 03/14/2017 03:14 PM, Martin Basti wrote:
>> On 14.03.2017 14:56, Luc de Louw wrote:
>>> My 3 cents...
>>>
>>> "Please note that FIPS 140-2 support may not work on some platforms"
>>>
>>> -> Does it work in Fedora? Should be worth mentioning it so people are
>>> more encouraged to test it in Fedora before it's getting to RHEL 7.4
>>>
>>> Thanks,
>>>
>>> Luc
>> We cannot guarantee that FIPS mode will work with Fedora, any package
>> update may break it.
> Fedora itself is not capable of running in FIPS mode so there's no point
> adding it there.

I can't believe this is correct. Did you try it and it failed? Did you
file bugs?

The dracut-fips and dracut-fips-aesni packages are both available.

# cat /etc/redhat-release
Fedora release 25 (Twenty Five)
# sysctl crypto.fips_enabled
crypto.fips_enabled = 0

So the basic stuff is there and the kernel knows what FIPS is.

Any NSS-based application can enable FIPS-mode independently of the
kernel via modutil or application-specific settings (e.g. NSSFIPS in
mod_nss).

rob
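
Added example (not part of the original message): a shell sketch that reports the kernel FIPS flag and the FIPS state of an NSS database separately, since the message notes the two can be set independently. The function names, the FIPS_FILE variable and the database path passed as an argument are assumptions of this example; modutil's -chkfips option is used for the NSS check.

```shell
#!/bin/sh
# Added example: kernel FIPS state vs. NSS database FIPS state.
# FIPS_FILE and all function names are assumptions made for this example.
FIPS_FILE="${FIPS_FILE:-/proc/sys/crypto/fips_enabled}"

# Print "enabled", "disabled" or "unknown" for the kernel flag
# (the same value `sysctl crypto.fips_enabled` reports).
kernel_fips_state() {
    file="${1:-$FIPS_FILE}"
    [ -r "$file" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$file")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print the FIPS state of the NSS database in directory $1.
# modutil -chkfips exits non-zero when the database is not in the
# mode named by its argument, so both modes are probed.
nss_fips_state() {
    dbdir="$1"
    [ -d "$dbdir" ] || { echo unknown; return 0; }
    command -v modutil >/dev/null 2>&1 || { echo unknown; return 0; }
    if modutil -dbdir "$dbdir" -chkfips true >/dev/null 2>&1; then
        echo enabled
    elif modutil -dbdir "$dbdir" -chkfips false >/dev/null 2>&1; then
        echo disabled
    else
        echo unknown
    fi
}

# One-line summary; the two values are reported side by side because
# an NSS database can be in FIPS mode while the kernel is not.
fips_report() {
    echo "kernel=$(kernel_fips_state) nss=$(nss_fips_state "$1")"
}

# Usage: sh fips_report.sh /path/to/nssdb
if [ "$#" -gt 0 ]; then
    fips_report "$1"
fi
```
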



