On Tue, May 01, 2012 at 06:26:05PM -0500, Anthony Liguori wrote:
> On 05/01/2012 04:20 PM, Paul Moore wrote:
> >FIPS 140-2 requires disabling certain ciphers, including DES, which is used
> >by VNC to obscure passwords when they are sent over the network.  The
> >solution for FIPS users is to disable the use of VNC password auth when the
> >host system is operating in FIPS mode.
> Sorry, what?
> Does FIPS really require software to detect when FIPS is enabled and
> actively disable features???  That's absurd.
> Can you point to another software package that does something like this?

All the SSL libraries for a start (NSS, OpenSSL & GNUTLS).  If we were
using one of those for the VNC DES code we would be disabled.

|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

Reply via email to