Hi, The only place that Review Board uses md5 is if you're using the HTTP Digest authentication backend (in which case it's specified by the HTTP Digest Auth spec). There are also a couple call sites in unit tests, but those are only used in development and not on production servers.
-David On Mon, Oct 22, 2018 at 9:09 AM Zachary Gallagher < [email protected]> wrote: > Ideally we'd like to use the security profile for the NIST 800-171. Yes, > this is for a security *need *and not some whimsical desire for security. > For all new installs, that's what we're going with. That includes a certain > required level of encryption. Reviewboard as is uses hashlibs.md5, and FIPS > mode for CentOS7 rejects this. > > I'm unsure, but is there a simple pre-conf switch I can add to change the > setting? I'm looking for it at the moment, but haven't found anything yet. > Is this a Python/CentOS thing? I honestly don't know exactly where to look > for support at the moment. > > -- > Supercharge your Review Board with Power Pack: > https://www.reviewboard.org/powerpack/ > Want us to host Review Board for you? Check out RBCommons: > https://rbcommons.com/ > Happy user? Let us know! https://www.reviewboard.org/users/ > --- > You received this message because you are subscribed to the Google Groups > "Review Board Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
