On Sat, Oct 13, 2018 at 10:19:44PM -0400, Danny Mayer wrote: > Sorry for the delay in responding. No, it doesn't work right now. I did > test this out several years ago but the problem with SHA2 is the length > of the resultant hash. There's no problem creating and sending such a > MAC but the other side needs to be changed to be able to properly handle > the resulting MAC. There are plans to change the code to properly deal > with this and other types of hashing algorithms.
I think that may already have been implemented. Recent ntp versions seem to truncate long MACs to 160 bits, so it should work with any hash function supported by openssl. However, ntp-4.2.6p5-28.el7 from RHEL/CentOS doesn't support it. > > Danny > > On 10/8/18 2:29 AM, Sharma12, Sachin wrote: > > Hi, > > > > We are using ntp-4.2.6p5-28.el7, Please let us know whether the NTP support > > SHA2 with FIPS enable and disable? > > > > If not then please let us know when NTP support for SHA2 in future release? -- Miroslav Lichvar _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
