The xenial patch has additional code. In version 2.3.10, openvpn uses MD5 for PRF and internally for configuration status verification. FIPS 140-2 permits MD5 for PRF, but not as a hash for internal verification. Subsequent versions of openvpn (2.4) was changed upstream to not use MD5, instead uses SHA256. The attached patch provided by atsec uses SHA1 instead of MD5.
** Attachment added: "debdiff.xenial" https://bugs.launchpad.net/ubuntu/xenial/+source/openvpn/+bug/1807439/+attachment/5222055/+files/debdiff.xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1807439 Title: openvpn crashes when run with fips openssl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1807439/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
