Hello all,
I am trying to run unrealircd on RHEL 7.6 which is being run in FIPS-140-2 mode. When running ./unrealircd start I get the following error.
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
I understand the underlying problem but the questions is how to run unrealircd with a FIPS compliant cipher?
Thanks for any help.
UnrealIRCd in FIPS mode
Moderator: Supporters
Re: UnrealIRCd in FIPS mode
You could decide not to load the "cloak" module. This will disable cloaking which uses MD5 internally.
You do this by adding the following to your unrealircd.conf:
You do this by adding the following to your unrealircd.conf:
Code: Select all
blacklist-module "cloak";
-
- Posts: 3
- Joined: Thu Feb 28, 2019 9:07 pm
Re: UnrealIRCd in FIPS mode
Thanks for the response but it is still failing.
I tried the following with no success:
-- added 'blacklist-module "cloak" after include "modules.default.conf" in unrealircd.conf
-- commented out 'loadmodule "cloak" from modules.default.conf
Thoughts?
I tried the following with no success:
-- added 'blacklist-module "cloak" after include "modules.default.conf" in unrealircd.conf
-- commented out 'loadmodule "cloak" from modules.default.conf
Thoughts?
Re: UnrealIRCd in FIPS mode
I just realized that we use MD5 also for seeding the random generator. So, yeah, that simple trick of not loading the cloaking module won't be sufficient.
It would require code changes in UnrealIRCd to support FIPS-140-2. You could open up a feature request at https://bugs.unrealircd.org/ if you want.
It would require code changes in UnrealIRCd to support FIPS-140-2. You could open up a feature request at https://bugs.unrealircd.org/ if you want.
-
- Posts: 3
- Joined: Thu Feb 28, 2019 9:07 pm
Re: UnrealIRCd in FIPS mode
I do not believe I have permission to create a new bug report or cannot find the option in the UI. Would somebody be kind enough to support a change request such that unrealircd will be able to run on RHEL 7.x with FIPS mode enabled/enforced.