[libvirt] [PATCH] security: fix DH key generation when FIPS mode is on
Giuseppe Scrivano
gscrivan at redhat.com
Thu Sep 4 08:58:14 UTC 2014
"Daniel P. Berrange" <berrange at redhat.com> writes:
> On Thu, Sep 04, 2014 at 10:33:37AM +0200, Giuseppe Scrivano wrote:
>> When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
>> specified as the prime's number of bits; a bigger value works in both
>> cases.
>>
>> Signed-off-by: Giuseppe Scrivano <gscrivan at redhat.com>
>> ---
>>
>> With the development version of GNU TLS it is possible to test FIPS mode
>> by setting the env variable GNUTLS_FORCE_FIPS_MODE=2
>
> How about we set that env variable in our two TLS tests too, because
> we really want libvirt to be always able to run in FIPS mode.

Sure, I will send a follow-up patch.

Regards,
Giuseppe