问题
I recently enabled the FIPS module under CentOS 6 (minimum install).
Module is confirmed working:
cat /proc/sys/crypto/fips_enabled
yields 1
openssl md5 somefile
(fails) and openssl sha1 somefile
(succeeds).
openssl version
yields OpenSSL 1.0.1e-fips 11 Feb 2013
When I attempt to ssh into a box I connect to daily, I now see a notice stating:
FIPS integrity verification test failed
The session continues and I am able to connect to the remote server. Is the connection still secure?
回答1:
The session continues and I am able to connect to the remote server. Is the connection still secure?
Yes.
OpenSSL is known as FIPS Capable. The FIPS Capable version of the library can use validated cryptography.
If FIPS_mode_set
is not called, then the module is using non-validated cryptography. If FIPS_mode_set
is called but fails (your situation), then the module using non-validated cryptography. In both case you are using cryptography, its just not blessed by FIPS.
来源:https://stackoverflow.com/questions/30484972/fips-integrity-verification-test-failed-when-iniating-ssh-session