
Re: [libvirt] [PATCH] security: fix DH key generation when FIPS mode is on



"Daniel P. Berrange" <berrange redhat com> writes:

> On Thu, Sep 04, 2014 at 10:33:37AM +0200, Giuseppe Scrivano wrote:
>> When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
>> specified as the prime's number of bits; a bigger value works in both
>> cases.
>> 
>> Signed-off-by: Giuseppe Scrivano <gscrivan redhat com>
>> ---
>> 
>> With the development version of GNU TLS it is possible to test FIPS mode
>> by setting the env variable GNUTLS_FORCE_FIPS_MODE=2
>
> How about we set that env variable in our two TLS tests too, because
> we really want libvirt to be always able to run in FIPS mode.

Sure, I will send a follow-up patch.

Regards,
Giuseppe

