[Swan] RSA key length or ID matching issue in 3.25 FIPS mode
paul at nohats.ca
Wed Jan 9 04:11:48 UTC 2019
On Tue, 18 Dec 2018, Matt Hilt wrote:
> I'm running opportunistic encryption between a number of servers all using RHEL 7 with FIPS mode enabled. Everything has been working fine using
> some RSA keys and libreswan 3.23. RHEL now has 3.25 available, but when upgrading it warned that the RSA bit length was required to be > 3072.
I've found the bug, fix is at:
> Any ideas? I can pin to 3.23 for now, but it would be nice to be able to keep up with the OS.
I'll try and get it into RHEL-7.6.z
More information about the Swan