[Swan-dev] how do I really put a test VM in FIPS mode?

Paul Wouters paul at nohats.ca
Thu Jun 25 00:03:18 EEST 2015


I hadn't gotten to that yet, but also I think you must first migrate NSS using ipsec --checknss or else modutil will be undone. Also use swanprep --fips to create required files 

Sent from my iPhone

> On Jun 24, 2015, at 17:40, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> 
> I'd like to do some testing in true fips mode; no hacks or some such.
> I suspect I need to do two things:
> 
> - boot the kernel in fips mode
> - configure the NSS database directory so that it also goes into fips mode
> 
> Andrew
> 
> PS: I'm going by this:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev


More information about the Swan-dev mailing list