On Tue, 27 Apr 2021, Wewegama, Kavinda wrote:
> When FIPS is enabled, how does it affect Libreswan behavior besides enforcing certain cryptographic properties/restrictions?

That should be the only difference. If something is rejected because of FIPS, there will be a clear log message about it.

> The reason I ask is because I am noticing child/IPsec SAs getting unsynchronized between tunnel endpoints if FIPS is enabled and SELinux Enforcing is turned on. In the past, I didn’t have issues with either FIPS by itself or with SELinux Enforcing by itself, but the combination isn’t working well.
That does not sound like a FIPS-related problem with libreswan if you don't see clearly logged reasons of issues? Are there perhaps other FIPS restrictions that might be affecting the system from other components?

Paul
_______________________________________________
Swan-dev mailing list
https://lists.libreswan.org/mailman/listinfo/swan-dev
