action #89122
[sle][security][backlog] fips: add some more openssl tests, dhparam and also s_server/s_client
100%
Description
We have some non working stuff in FIPS mode with openssl.
https://bugzilla.suse.com/show_bug.cgi?id=1182764
OPENSSL_FORCE_FIPS_MODE=1 openssl dhparam -out dhparams_2048.pem 2048
errors with:
..
140657399079360:error:050C90CA:Diffie-Hellman routines:DH_generate_parameters_ex:non FIPS method:crypto/dh/dh_gen.c:31:
can you add a "openssl dhparam 2048" test to the existing fips suite?
Also testing s_client and s_server in FIPS mode with DHE and potentially others.
openssl s_server -key generatedkey -cert generatedcert -dhparam dhparams_2048.pem -cipher DHE
and then connect to localhost:4433 e.g. with
openssl s_client -connect localhost:4443
History
#1
Updated by tjyrinki_suse almost 2 years ago
- Subject changed from fips: add some more openssl tests, dhparam and also s_server/s_client to [sle][security] fips: add some more openssl tests, dhparam and also s_server/s_client
- Start date deleted (
2021-02-25)
#2
Updated by llzhao almost 2 years ago
- Subject changed from [sle][security] fips: add some more openssl tests, dhparam and also s_server/s_client to [sle][security][sle15sp4] fips: add some more openssl tests, dhparam and also s_server/s_client
- Category set to New test
- Assignee set to bchou
- Estimated time set to 40.00 h
#3
Updated by bchou 9 months ago
- Assignee changed from bchou to rcai
After discussing with Roy, I think we can write some tests on single machine tests in advance. Thank you.
And there are some useful updates from the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1182764
#5
Updated by rcai 9 months ago
Related bug: https://bugzilla.suse.com/show_bug.cgi?id=1198913
#7
Updated by rcai 8 months ago
- Status changed from New to Blocked
https://bugzilla.suse.com/show_bug.cgi?id=1198913
https://bugzilla.suse.com/show_bug.cgi?id=1180995
Due to bugs, cannot make manual test succeed.
It blocked automation.
#9
Updated by tjyrinki_suse 5 months ago
1198913 is fixed, https://bugzilla.suse.com/show_bug.cgi?id=1180995 is still open but there is also very recent progress and a possible fix.