On Thu, Jan 15, 2015 at 11:44 AM, [email protected] <[email protected]> wrote:
>> Correct, I forgot about it. You'll need to patch gnutls' fips.c to
>> use a key that agrees with the fipscheck package. I.e., apply the
>> following patch:
> Thanks. Haven't had the opportunity to try it yet. I have a general
> question regarding FIPS mode, about the way it works. Is there a need
> to modify all applications using GnuTLS to add FIPS init code, or is
> there some automatic function being called when the library is loaded
> (or otherwise used) by an application, that will execute all
> FIPS-related checks and tests?

It works transparently. The checks are executed on library load, and
the default algorithm sets are modified to contain only the FIPS140-2
allowed ciphers. The only issue you'll have is with applications that
specifically request a non-FIPS approved cipher like RC4 or MD5. These
applications will fail (as expected).

regards,
Nikos

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
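
As an added example that is not part of the original thread or of GnuTLS itself: a pre-migration check that flags applications whose GnuTLS priority strings explicitly enable RC4 or MD5, the case the reply says will fail under FIPS mode. The application names and priority strings are constructed, and the token list is an assumption limited to the two algorithms named above.

```python
import re

# Priority-string tokens for the two algorithms named in the reply (RC4 is
# spelled ARCFOUR there). Assumption: this short list covers only RC4 and MD5,
# not every algorithm FIPS mode disallows.
NON_FIPS = re.compile(r"^(ARCFOUR-(128|40)|MD5|SIGN-RSA-MD5)$")


def explicit_non_fips(priority):
    """Return the RC4/MD5 tokens that a priority string explicitly enables."""
    flagged = []
    for token in priority.split(":"):
        token = token.strip().upper()  # normalised only for comparison
        # '+' adds an algorithm; '-' and '!' remove one and are harmless here.
        if token.startswith("+") and NON_FIPS.match(token[1:]):
            flagged.append(token[1:])
    return flagged


def audit(priorities):
    """Map application name -> flagged tokens, omitting clean applications."""
    report = {}
    for app, priority in priorities.items():
        hits = explicit_non_fips(priority)
        if hits:
            report[app] = hits
    return report


# Constructed sample input: hypothetical applications and priority strings.
SAMPLE = {
    "legacy-mail": "NORMAL:+ARCFOUR-128",
    "old-client": "NONE:+VERS-TLS1.0:+ARCFOUR-128:+RSA:+MD5:+COMP-NULL",
    "hardened": "NORMAL:-ARCFOUR-128:!MD5",
    "default": "NORMAL",
}

if __name__ == "__main__":
    for app, hits in audit(SAMPLE).items():
        print(f"{app}: explicitly requests {', '.join(hits)}")
```

This only covers priority strings; an application that requests MD5 or RC4 through direct API calls has to be found by reviewing its code.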
