Unbound 1.11.0 FIPS mode issue
Paul Wouters
paul at nohats.ca
Fri May 7 14:20:31 UTC 2021
On Fri, 7 May 2021, Wouter Wijngaards wrote:
>> Excellent, now do --with-deprecate-sha1 and --without-deprecate-md5 :)
>
> This is called ./configure --disable-sha1 that disables SHA1 in that
> manner. RSAMD5 is unsupported by default, deprecated in RFC 6725.
Oh. Awesome :)
Thanks!

I guess it would be nice to be able to detect (or tell via
unbound-control) about FIPS mode, and only then disable 1024 RSA and
SHA-1. But I guess a runtime feature is quite different from a compile
time feature.

I wouldn't want to disable sha-1 and 1024 RSA already for everyone in
Fedora and RHEL/CentOS....

Paul