[gnutls-help] FIPS ciphers list is wrong

jonetsu Tue, 10 Mar 2015 11:14:44 -0700

Hello,

  The list of ciphers provided by 'gnutls-cli -l' is the same in FIPS mode or 
not.  The test:


/usr/local/bin/gnutls-cli -v            
gnutls-cli 3.3.13


1)

/usr/local/bin/gnutls-cli --fips140-mode
library is NOT in FIPS140-2 mode

/usr/local/bin/gnutls-cli -l           

(nonfips list generated)

2)

export GNUTLS_FORCE_FIPS_MODE=1

/usr/local/bin/gnutls-cli --fips140-mode
library is in FIPS140-2 mode

/usr/local/bin/gnutls-cli -l           

(fips list generated)

Many ciphers listed in FIPS mode should not be there.

Regards.





_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help

[gnutls-help] FIPS ciphers list is wrong

Reply via email to