Project

General

Profile

Actions
Copy link

Bug #12314

closed

Foreman does not work with FIPS enabled

Added by Kendall Moore over 8 years ago. Updated almost 8 years ago.

Status:
Duplicate
Priority:
High
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

With FIPS mode enabled, Foreman won't run. Results are as follows:

foreman-rake apiepie:cache
Apipie cache enabled but not present yet. Run apipie:cache rake task to speed up API calls.
md5_dgst.c(80): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
/tmp/tmp.mrjvUccRvF: line 1: 25276 Aborted rake apipie:cache

Specifically this is because MD5 is not a valid cipher with FIPS enabled. After some digging, it seems that stems from Rack.
Check here: https://github.com/rack/rack/blob/master/lib/rack/etag.rb#L2
And here: https://github.com/rack/rack/blob/master/lib/rack/etag.rb#L68

Hopefully there aren't many cipher issues but I can't continue to find out until this one gets resolved.

Related issues 1 (0 open1 closed)

Is duplicate of Foreman - Feature #3511: As a security person, I would like Foreman to run in FIPS modeResolvedActions
Actions
Copy link

Also available in: Atom PDF