https://bz.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #24 from Christopher Schultz ---
(In reply to Ben Mason from comment #21)
> I am still getting this error as well. Is this the key length issue? It is
> unclear in this thread whether that was ever
https://bz.apache.org/bugzilla/show_bug.cgi?id=56027
Mark Thomas changed:
What|Removed |Added
Status|REOPENED|RESOLVED
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #21 from Ben Mason ben.ma...@viasat.com ---
I am still getting this error as well. Is this the key length issue? It is
unclear in this thread whether that was ever fixed. Rob Sanders said he filed
another bug, but it appears it
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #22 from Konstantin Kolinko knst.koli...@gmail.com ---
(In reply to Ben Mason from comment #21)
> Is this the key length issue? It is
> unclear in this thread whether that was ever fixed. Rob Sanders said he
> filed another bug,
Now I'm confused. When Mladen posted his patch against bug 56396 I'd pulled
that code and tested it and it worked. So I thought it would be in TCN 1.1.30.
But when I look at TCNative 1.1.30 (included in Tomcat 6.0.41) I don't see
that code, and without it my tests should have failed.
So it
Just double checked - error appears to be on my side. I stood up a pristine
CentOS 6.5 box with Tomcat 6.0.41/TCN1.1.30 in FIPS mode and it fails to start.
Manually applying the bugfix as suggested in bug 56396 does work. My
apologies for flagging this as working earlier in this thread.
I
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #20 from Christopher Schultz ch...@christopherschultz.net ---
I believe the SSL2 MD5 routines problem is different from this issue, which
was to allow Tomcat to start up with OpenSSL already in FIPS mode (e.g. don't
choke and
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Simon Mijolovic smijolo...@nutanix.com changed:
What|Removed |Added
Status|RESOLVED|REOPENED
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Simon Mijolovic smijolo...@nutanix.com changed:
What|Removed |Added
CC|
I tested TCN 1_1_30 with Tomcat 6 (which our app uses) and everything appears
to work just fine. I haven't updated our install to try working with Tomcat 7.
This is on a CentOS 6.5 (yum updated) box with fips mode enabled at boot, and
a server.xml similar to yours.
Just looking quickly at
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Konstantin Kolinko knst.koli...@gmail.com changed:
What|Removed |Added
Status|NEW
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #17 from Konstantin Kolinko knst.koli...@gmail.com ---
Follow-ups in Tomcat 8 in r1590300 r1590339 (8.0.6), r1590340 (7.0.54).
Updated patch was proposed for Tomcat 6.
--
You are receiving this mail because:
You are the
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #16 from Christopher Schultz ch...@christopherschultz.net ---
Fixed in Tomcat trunk in r1587378, r1587379, and r1587723. Will be included in
Tomcat 8.0.6 and later.
Fixed in Tomcat 7.0 branch in r1587378, r1587661, and r1587734.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #15 from Rob Sanders rsand...@trustedcs.com ---
As per request I've filed a new bug for the failure to init the RSA 512 bit
temporary key (https://issues.apache.org/bugzilla/show_bug.cgi?id=56396).
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #13 from Christopher Schultz ch...@christopherschultz.net ---
(In reply to Ben Mason from comment #12)
...that will not fix problem #2,
correct? I am seeing that on SLES 11 as well. Do you need someone to
contribute a fix for
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #14 from Rob Sanders rsand...@trustedcs.com ---
I remember reading some of the SSL docs that certain key lengths may be invalid
for regular use, they are valid for key agreement/establishment. Quoting from
the somewhat
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #10 from Christopher Schultz ch...@christopherschultz.net ---
We need a tcnative release before Tomcat itself can be patched.
If you grab the current tcnative 1.1.x branch, it will have what you need. If
you then apply this
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Christopher Schultz ch...@christopherschultz.net changed:
What|Removed |Added
Attachment #31226|0
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #12 from Ben Mason ben.ma...@viasat.com ---
(In reply to Christopher Schultz from comment #10)
> We need a tcnative release before Tomcat itself can be patched.
> If you grab the current tcnative 1.1.x branch, it will have what
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #9 from Ben Mason ben.ma...@viasat.com ---
(In reply to Christopher Schultz from comment #8)
> Created attachment 31226 [details]
> Proposed patch against Tomcat-trunk
> Feel free to adapt this patch for Tomcat 6.
Chris-
I am
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #1 from Rob Sanders rsand...@trustedcs.com ---
Marked as major due to a customer requirement to have their RHEL6 boxes running
in FIPS mode at boot. They are temporarily relaxing this while we have worked
on determining the
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Christopher Schultz ch...@christopherschultz.net changed:
What|Removed |Added
Severity|major
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #3 from Christopher Schultz ch...@christopherschultz.net ---
This bug will likely require (at least) two separate patches: one for avoiding
double-entry into FIPS mode, one for changing the key sizes used, and possibly
one for
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #5 from Christopher Schultz ch...@christopherschultz.net ---
(In reply to Rob Sanders from comment #4)
Proposed fix - in TCN src/ssl.c fipsModeSet() routine, call FIPS_mode()
before calling FIPS_mode_set() to see if we're
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #4 from Rob Sanders rsand...@trustedcs.com ---
Looking at the openssl source for my box a double call to FIPS_mode_set to
*enable* FIPS triggers an error - including setting the internal
fips_selftest_fail flag to 1 indicating a
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #6 from Christopher Schultz ch...@christopherschultz.net ---
Added fipsModeGet JNI implementation in both tcnative trunk and tcnative 1.1.x
branch. Will be in tcnative 1.1.30.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #7 from Rob Sanders rsand...@trustedcs.com ---
Concur on comment 3 - had dueling edits going on.
For our customer at the moment I'm implementing the TCN only fix. Once the
next TC6 and TCN releases are out we'll move to them.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #8 from Christopher Schultz ch...@christopherschultz.net ---
Created attachment 31226
-- https://issues.apache.org/bugzilla/attachment.cgi?id=31226&action=edit
Proposed patch against Tomcat-trunk
Feel free to adapt this patch