[Swan-dev] FIPS Behavior Question

Paul Wouters paul at nohats.ca
Wed Apr 28 01:08:26 UTC 2021


On Tue, 27 Apr 2021, Wewegama, Kavinda wrote:

> When FIPS is enabled, how does it affect Libreswan behavior besides enforcing certain cryptographic properties/restrictions?

That should be the only difference. If something is rejected because of
FIPS, there will be a clear log message about it.

> The reason I ask is because I am noticing child/IPsec SAs getting unsynchronized between tunnel endpoints if FIPS is enabled and SELinux
> Enforcing is turned on. In the past, I didn’t have issues with either FIPS by itself or with SELinux Enforcing by itself, but the
> combination isn’t working well.

That does not sound like a FIPS-related problem with libreswan if you
don't see clearly logged reasons of issues? Are there perhaps other FIPS
restrictions that might be affecting the system from other components?

Paul

