On 07/12/16 23:20, boxar...@yandex.ru wrote: > Hi, > > I'm wondering if I can get source code of a licensed openvpn version, > so that I could recompile it myself before using. I'm trying to > enable fips mode in openvpn and I don't see any other way but to > change source code calling FIPS_mode_set() function. Maybe you have > any other ideas on how I can do it for a licensed version?
As I already responded to on the -devel list [1]: > OpenVPN needs to be adopted to be useful in FIPS mode. We are tracking > this issue in trac ticket #725. > > http://community.openvpn.net/openvpn/ticket/725 [1] <https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13382.html> Plus, also see the information on the Red Hat bugzilla, where a patch was suggested: <https://bugzilla.redhat.com/show_bug.cgi?id=1369260> This patch cannot be accepted as it is, as that will break connectivity if the server or clients run in non-fips mode - as it removes support for algorithms used by default. As already said, OpenVPN needs to be adopted to support FIPS mode. Plus the system requiring FIPS mode needs to be configured as well: <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/chap-Federal_Standards_and_Regulations.html#sect-Federal_Information_Processing_Standard> This is not something we will look into before v2.4 is released. But if you are impatient, please join #openvpn-devel on FreeNode and we can discuss what you need to consider when implementing FIPS mode to be accepted upstream. -- kind regards, David Sommerseth
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
