[gnutls-help] FIPS ciphers list is wrong
jonetsu
jonetsu at teksavvy.com
Tue Mar 10 19:09:47 CET 2015
Hello,
The list of ciphers provided by 'gnutls-cli -l' is the same whether in FIPS mode or not. The test:

/usr/local/bin/gnutls-cli -v
gnutls-cli 3.3.13

1)
/usr/local/bin/gnutls-cli --fips140-mode
library is NOT in FIPS140-2 mode
/usr/local/bin/gnutls-cli -l
(nonfips list generated)

2)
export GNUTLS_FORCE_FIPS_MODE=1
/usr/local/bin/gnutls-cli --fips140-mode
library is in FIPS140-2 mode
/usr/local/bin/gnutls-cli -l
(fips list generated)

Many ciphers listed in FIPS mode should not be there.
Regards.