
Author CristiFati
Recipients CristiFati, alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou, r.david.murray
Date 2016-07-22.21:27:02
Message-id <1469222823.33.0.599253789108.issue27592@psf.upfronthosting.co.za>
Content
Thank you all for chiming in (so quickly). I did this in 2013 (maybe back then the situation was different), and have successfully used it since.

Regarding comments:
 - Alex:
   1: I'm not an expert, so I'm not going to argue with it. However I thought that if it's enforced by the government (and NIST) it would make sense. Nowadays I get this feeling that when it comes to security, people tend to lose their technical common sense and implement stuff without questioning.
   2: I've just read Steve Marquess's post (and a couple of others linked from it) and I'm a little bit surprised since the FIPS funcs have been added to OpenSSL starting with version 1.0.* and they're about to be removed. Anyway, there are IT mammoths that have deals with the government (big bucks deals - involving FIPS) and use OpenSSL as a cryptography and secure socket provider (personally I consider those corporations that make use of open source software in order to get millions and give nothing back, parasites). I think when OpenSSL will publicly announce the FIPS drop, they'll have nothing to do but chip in, as it will be extremely difficult to switch to other providers (if any - I've seen Bladelogic name mentioned, I'm not sure it will cover, also for Java apps there was RSA or EMC, which is also going out of support).
   3: This is a good point, since there's no other alternative (that I know of), that uses/doesn't use FIPS.

 - David: bug9216 - the patch from RedHat (`usedforsecurity` parameter for md5 hash), I've been using it for 3 years; I didn't encounter the 2nd one. But both apply to hashlib. Regarding ssl, changing FIPS mode would make a difference, e.g. when creating secure connections with certificates with (now considered weak anyway) md5 hash algorithms.

Thanks everyone for reviewing.
History
Date User Action Args
2016-07-22 21:27:03 CristiFati set recipients: + CristiFati, janssen, pitrou, giampaolo.rodola, christian.heimes, alex, r.david.murray, dstufft
2016-07-22 21:27:03 CristiFati set messageid: <1469222823.33.0.599253789108.issue27592@psf.upfronthosting.co.za>
2016-07-22 21:27:03 CristiFati link issue27592 messages
2016-07-22 21:27:02 CristiFati create