Project

General

Profile

action #89122

[sle][security][sle15sp4] fips: add some more openssl tests, dhparam and also s_server/s_client

Added by msmeissn 5 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
Category:
New test
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
40.00 h
Difficulty:

Description

We have some non working stuff in FIPS mode with openssl.

https://bugzilla.suse.com/show_bug.cgi?id=1182764

OPENSSL_FORCE_FIPS_MODE=1 openssl dhparam -out dhparams_2048.pem 2048
errors with:
..
140657399079360:error:050C90CA:Diffie-Hellman routines:DH_generate_parameters_ex:non FIPS method:crypto/dh/dh_gen.c:31:

can you add a "openssl dhparam 2048" test to the existing fips suite?

Also testing s_client and s_server in FIPS mode with DHE and potentially others.

openssl s_server -key generatedkey -cert generatedcert -dhparam dhparams_2048.pem -cipher DHE

and then connect to localhost:4433 e.g. with

openssl s_client -connect localhost:4443

History

#1 Updated by tjyrinki_suse 5 months ago

  • Subject changed from fips: add some more openssl tests, dhparam and also s_server/s_client to [sle][security] fips: add some more openssl tests, dhparam and also s_server/s_client
  • Start date deleted (2021-02-25)

#2 Updated by llzhao 3 months ago

  • Subject changed from [sle][security] fips: add some more openssl tests, dhparam and also s_server/s_client to [sle][security][sle15sp4] fips: add some more openssl tests, dhparam and also s_server/s_client
  • Category set to New test
  • Assignee set to bchou
  • Estimated time set to 40.00 h

Also available in: Atom PDF