Project

General

Profile

Actions
Copy link

Bug #12314

closed

Foreman does not work with FIPS enabled

Added by Kendall Moore over 8 years ago. Updated over 7 years ago.

Status:
Duplicate
Priority:
High
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

With FIPS mode enabled, Foreman won't run. Results are as follows:

foreman-rake apiepie:cache
Apipie cache enabled but not present yet. Run apipie:cache rake task to speed up API calls.
md5_dgst.c(80): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
/tmp/tmp.mrjvUccRvF: line 1: 25276 Aborted rake apipie:cache

Specifically this is because MD5 is not a valid cipher with FIPS enabled. After some digging, it seems that stems from Rack.
Check here: https://github.com/rack/rack/blob/master/lib/rack/etag.rb#L2
And here: https://github.com/rack/rack/blob/master/lib/rack/etag.rb#L68

Hopefully there aren't many cipher issues but I can't continue to find out until this one gets resolved.

Related issues 1 (0 open1 closed)

Is duplicate of Foreman - Feature #3511: As a security person, I would like Foreman to run in FIPS modeResolvedActions
Actions
Copy link
 #1

Updated by Dominic Cleal over 8 years ago

  • Is duplicate of Feature #3511: As a security person, I would like Foreman to run in FIPS mode added
Actions
Copy link
 #2

Updated by Dominic Cleal over 8 years ago

  • Status changed from New to Duplicate

Thanks for the report. We're tracking this under ticket #3511 since it's the older ticket, but I'll add a note there as your observations are valuable. If you come across anything else, please add it to that ticket - cheers.

Actions
Copy link

Also available in: Atom PDF