[Swan] RSA key length or ID matching issue in 3.25 FIPS mode

Paul Wouters paul at nohats.ca
Wed Jan 9 04:11:48 UTC 2019


On Tue, 18 Dec 2018, Matt Hilt wrote:

> I'm running opportunistic encryption between a number of servers all using RHEL 7 with FIPS mode enabled. Everything has been working fine using
> some RSA keys and libreswan 3.23.  RHEL now has 3.25 available, but when upgrading it warned that the RSA bit length was required to be > 3072.

I've found the bug, fix is at:

https://github.com/libreswan/libreswan/commit/61d076456774c1eda85921dfdfd6d4c520a4dd89

> Any ideas? I can pin to 3.23 for now, but it would be nice to be able to keep up with the OS.

I'll try and get it into RHEL-7.6.z

Paul


More information about the Swan mailing list