[gnutls-help] FIPS ciphers list is wrong

jonetsu jonetsu at teksavvy.com
Tue Mar 10 19:09:47 CET 2015


Hello,

  The list of ciphers provided by 'gnutls-cli -l' is the same whether in FIPS mode or not.  The test:

/usr/local/bin/gnutls-cli -v            
gnutls-cli 3.3.13


1)

/usr/local/bin/gnutls-cli --fips140-mode
library is NOT in FIPS140-2 mode

/usr/local/bin/gnutls-cli -l           

(nonfips list generated)

2)

export GNUTLS_FORCE_FIPS_MODE=1

/usr/local/bin/gnutls-cli --fips140-mode
library is in FIPS140-2 mode

/usr/local/bin/gnutls-cli -l           

(fips list generated)

Many ciphers listed in FIPS mode should not be there.

Regards.
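
The comparison described in the message above, as an added shell example that is not part of the original post: it repeats both runs, confirms the mode with `--fips140-mode` before trusting either listing, and reports whether the `-l` output changed. The `GNUTLS_CLI` override variable and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# GNUTLS_CLI is a hypothetical override; the default path is the one in the post.
GNUTLS_CLI="${GNUTLS_CLI:-/usr/local/bin/gnutls-cli}"

# run_cli MODE ARGS...: run gnutls-cli in a subshell with forced FIPS mode
# on (MODE=fips) or with the variable unset (MODE=nonfips).
run_cli() {
    mode=$1; shift
    (
        if [ "$mode" = fips ]; then
            GNUTLS_FORCE_FIPS_MODE=1
            export GNUTLS_FORCE_FIPS_MODE
        else
            unset GNUTLS_FORCE_FIPS_MODE
        fi
        "$GNUTLS_CLI" "$@" 2>&1
    )
}

# compare_lists: return 0 if the two listings differ, 1 if they are
# identical (the behaviour reported above), 2 if a mode check failed.
compare_lists() {
    # Check the mode first, so an identical listing cannot be blamed on
    # FIPS mode simply not having been enabled.
    run_cli nonfips --fips140-mode | grep -q 'NOT in FIPS140-2 mode' || return 2
    run_cli fips --fips140-mode | grep -q 'library is in FIPS140-2 mode' || return 2

    tmp=$(mktemp -d) || return 2
    run_cli nonfips -l | sort > "$tmp/nonfips"
    run_cli fips -l | sort > "$tmp/fips"

    if cmp -s "$tmp/nonfips" "$tmp/fips"; then
        echo "identical: FIPS mode did not change the 'gnutls-cli -l' listing"
        rc=1
    else
        echo "entries listed only when FIPS mode is off:"
        comm -23 "$tmp/nonfips" "$tmp/fips"
        rc=0
    fi
    rm -rf "$tmp"
    return "$rc"
}
```

Source the file and call `compare_lists`; a return code of 1 reproduces the report.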






