On Tue, May 01, 2012 at 06:26:05PM -0500, Anthony Liguori wrote:
> On 05/01/2012 04:20 PM, Paul Moore wrote:
> >FIPS 140-2 requires disabling certain ciphers, including DES, which is used
> >by VNC to obscure passwords when they are sent over the network. The
> >solution for FIPS users is to disable the use of VNC password auth when the
> >host system is operating in FIPS mode.
> Sorry, what?
> Does FIPS really require software to detect when FIPS is enabled and
> actively disable features??? That's absurd.
> Can you point to another software package that does something like this?
All the SSL libraries for a start (NSS, OpenSSL & GNUTLS). If we were
using one of those for the VNC DES code we would be disabled.
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|