Unbound 1.11.0 FIPS mode issue

Paul Wouters paul at nohats.ca
Thu May 6 18:58:19 UTC 2021


On Thu, 6 May 2021, Mohammad Rafiq -X (mohrafiq - HCL TECHNOLOGIES LIMITED at Cisco) via Unbound-users wrote:

> We are trying to enable verbosity in unbound, so far we have tried below flags at the time of build.

Why not set verbosity: in the unbound.conf configuration file?

> Our goal is to add debug logs to identify code snippet where signature verification takes place, to check the feasibility of bypassing FIPS mode check and verify 1024 key sizes.

This seems the wrong way of doing this. Unbound should properly
recognise when an algorithm is not available/configured to be
used, and mark the algorithm properly as unsupported/unknown,
so that existing code paths that already support this do
the right thing.

Paul

