> Do we even know for sure this krb5-k5tls is enough for fips compliance, and that it replaces *all* crypto code in kerberos with openssl calls?
No it does not. But intention is to make the over the network communications with TLS to be FIPS-TLS compliant which is cheaper to certify when reusing a certified TLS component library. ** Changed in: krb5 (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1943530 Title: link libkrb5 with openssl Status in krb5 package in Ubuntu: Confirmed Bug description: In Ubuntu we provide a cryptographic core based on a small set of packages that we FIPS certify [0]. Applications and libraries should not bundle their own crypto code but should use the cryptographic core to benefit from the certification, but also importantly to reduce bugs due to small cryptographic libraries that that are not studied as much as more popular counterparts. This bug is to change libkrb5 to use the openssl crypto code instead of bundling its own on the next ubuntu release. [0]. https://ubuntu.com/security/fips To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1943530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp