https://bz.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #24 from Christopher Schultz ---
(In reply to Ben Mason from comment #21)
> I am still getting this error as well. Is this the key length issue? It is
> unclear in this thread whether that was ever fixed. Rob Sanders said he
> filed
https://bz.apache.org/bugzilla/show_bug.cgi?id=56027
Mark Thomas changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|---
did wrong.
-R
From: bugzi...@apache.org [bugzi...@apache.org]
Sent: Wednesday, July 02, 2014 10:26 AM
To: dev@tomcat.apache.org
Subject: [Bug 56027] Unable to use TCN on RHEL6 boxes if box is booted in fips
mode
https://issues.apache.org/bugzilla/show_b
___
From: bugzi...@apache.org [bugzi...@apache.org]
Sent: Wednesday, July 02, 2014 10:26 AM
To: dev@tomcat.apache.org
Subject: [Bug 56027] Unable to use TCN on RHEL6 boxes if box is booted in fips
mode
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #22 from Konstantin Kolinko ---
(
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #22 from Konstantin Kolinko ---
(In reply to Ben Mason from comment #21)
> Is this the key length issue? It is
> unclear in this thread whether that was ever fixed. Rob Sanders said he
> filed another bug, but it appears it was
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #21 from Ben Mason ---
I am still getting this error as well. Is this the key length issue? It is
unclear in this thread whether that was ever fixed. Rob Sanders said he filed
another bug, but it appears it was deleted.
(In re
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #20 from Christopher Schultz ---
I believe the "SSL2 MD5" routines problem is different from this issue, which
was to allow Tomcat to start up with OpenSSL already in FIPS mode (e.g. don't
choke and die if we're already in FIPS
bugzi...@apache.org [bugzi...@apache.org]
Sent: Wednesday, June 25, 2014 12:56 PM
To: dev@tomcat.apache.org
Subject: [Bug 56027] Unable to use TCN on RHEL6 boxes if box is booted in fips
mode
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Simon Mijolovic changed:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Simon Mijolovic changed:
What|Removed |Added
CC||smijolo...@nutanix.com
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Simon Mijolovic changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Version|1.1.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Konstantin Kolinko changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|-
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #17 from Konstantin Kolinko ---
Follow-ups in Tomcat 8 in r1590300 r1590339 (8.0.6), r1590340 (7.0.54).
Updated patch was proposed for Tomcat 6.
--
You are receiving this mail because:
You are the assignee for the bug.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #16 from Christopher Schultz ---
Fixed in Tomcat trunk in r1587378, r1587379, and r1587723. Will be included in
Tomcat 8.0.6 and later.
Fixed in Tomcat 7.0 branch in r1587378, r1587661, and r1587734. Will be
included in Tomcat 7
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #15 from Rob Sanders ---
As per request I've filed a new bug for the failure to init the RSA 512 bit
temporary key (https://issues.apache.org/bugzilla/show_bug.cgi?id=56396).
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #14 from Rob Sanders ---
I remember reading some of the SSL docs that certain key lengths may be invalid
for regular use, they are valid for key agreement/establishment. Quoting from
the somewhat confusing section 2.6.2 of the
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #13 from Christopher Schultz ---
(In reply to Ben Mason from comment #12)
> ...that will not fix problem #2,
> correct? I am seeing that on SLES 11 as well. Do you need someone to
> contribute a fix for #2, or is someone working
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #12 from Ben Mason ---
(In reply to Christopher Schultz from comment #10)
> We need a tcnative release before Tomcat itself can be patched.
>
> If you grab the current tcnative 1.1.x branch, it will have what you need.
> If you
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Christopher Schultz changed:
What|Removed |Added
Attachment #31226|0 |1
is obsolete|
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #10 from Christopher Schultz ---
We need a tcnative release before Tomcat itself can be patched.
If you grab the current tcnative 1.1.x branch, it will have what you need. If
you then apply this patch to 7.0.52 (which is quite
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #9 from Ben Mason ---
(In reply to Christopher Schultz from comment #8)
> Created attachment 31226 [details]
> Proposed patch against Tomcat-trunk
>
> Feel free to adapt this patch for Tomcat 6.
Chris-
I am having the same is
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #8 from Christopher Schultz ---
Created attachment 31226
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31226&action=edit
Proposed patch against Tomcat-trunk
Feel free to adapt this patch for Tomcat 6.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #7 from Rob Sanders ---
Concur on comment 3 - had dueling edits going on.
For our customer at the moment I'm implementing the TCN only fix. Once the
next TC6 and TCN releases are out we'll move to them.
Thanks Chris.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #6 from Christopher Schultz ---
Added fipsModeGet JNI implementation in both tcnative trunk and tcnative 1.1.x
branch. Will be in tcnative 1.1.30.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #4 from Rob Sanders ---
Looking at the OpenSSL source for my box, a double call to FIPS_mode_set to
*enable* FIPS triggers an error - including setting the internal
fips_selftest_fail flag to 1, indicating a failure.
Understood o
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #5 from Christopher Schultz ---
(In reply to Rob Sanders from comment #4)
> Proposed fix - in TCN src/ssl.c fipsModeSet() routine, call FIPS_mode()
> before calling FIPS_mode_set() to see if we're already in fips mode. If so,
>
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #3 from Christopher Schultz ---
This bug will likely require (at least) two separate patches: one for avoiding
double-entry into FIPS mode, one for changing the key sizes used, and possibly
one for creating a native-wrapper arou
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
Christopher Schultz changed:
What|Removed |Added
Severity|major |normal
--- Comment #2 from C
https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
--- Comment #1 from Rob Sanders ---
Marked as major due to a customer requirement to have their RHEL6 boxes running
in FIPS mode at boot. They are temporarily relaxing this while we have worked
on determining the problem.