https://issues.apache.org/bugzilla/show_bug.cgi?id=56396
Bug ID: 56396
Summary: TCN fails FIPS mode initialization if unable to generate 512 bit RSA temporary key
Product: Tomcat Native
Version: 1.1.29
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Library
Assignee: dev@tomcat.apache.org
Reporter: rsand...@trustedcs.com

Initially reported in https://issues.apache.org/bugzilla/show_bug.cgi?id=56027

On a RHEL6 system configured to be in FIPS 140 mode at boot time, the Tomcat Native library will not start, due to the inability to generate a 512 bit RSA temporary key.

Commenting out the SSL_TMP_KEY_INIT_RSA(512) line in the SSL_TMP_KEYS_INIT() macro and rebuilding allows TCN to successfully start in FIPS mode.

The logic used in the SSL_TMP_KEYS_INIT() macro will cause the startup to fail if any of the temporary keys being generated fails. Should this be changed to pass if at least one key generates, or one key of each type (RSA, DH, etc.)?

The following note is taken from the comments on the original 56027 bug:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027#c14