 

FIPS integrity verification test failed when initiating SSH session

I recently enabled the FIPS module under CentOS 6 (minimum install).

Module is confirmed working:

cat /proc/sys/crypto/fips_enabled yields 1

openssl md5 somefile (fails) and openssl sha1 somefile (succeeds).

openssl version yields OpenSSL 1.0.1e-fips 11 Feb 2013

When I attempt to ssh into a box I connect to daily, I now see a notice stating:

FIPS integrity verification test failed

The session continues and I am able to connect to the remote server. Is the connection still secure?

a coder asked Sep 27 '22 19:09


1 Answer

The session continues and I am able to connect to the remote server. Is the connection still secure?

Yes.

OpenSSL is known as FIPS Capable. The FIPS Capable version of the library can use validated cryptography.

If FIPS_mode_set is not called, then the module is using non-validated cryptography. If FIPS_mode_set is called but fails (your situation), then the module is using non-validated cryptography. In both cases you are using cryptography, it's just not blessed by FIPS.

jww answered Oct 13 '22 01:10
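The checks from the question (kernel flag, MD5 rejected, SHA-1 accepted) combined into one classifier, as an added example that is not part of the original question or answer. The function names and the FIPS_FLAG / OPENSSL overrides are hypothetical, and the script probes the openssl command only, not the ssh client that printed the warning.

```shell
#!/bin/sh
# Added example: classify a host's FIPS state from the question's own checks.
# FIPS_FLAG and OPENSSL are overridable (assumption) so the logic can be
# exercised against stubs as well as the real system.
FIPS_FLAG="${FIPS_FLAG:-/proc/sys/crypto/fips_enabled}"
OPENSSL="${OPENSSL:-openssl}"

# Prints 1 if the kernel FIPS flag is set, 0 if unset or unreadable.
kernel_fips() {
    flag=0
    if [ -r "$FIPS_FLAG" ]; then
        flag=$(cat "$FIPS_FLAG")
    fi
    if [ "$flag" = "1" ]; then echo 1; else echo 0; fi
}

# Returns 0 if "$OPENSSL <digest>" can hash a short probe string.
digest_works() {
    printf 'fips-probe' | "$OPENSSL" "$1" >/dev/null 2>&1
}

# Prints one of:
#   enforcing          kernel flag set, MD5 refused, SHA-1 works (the question's host)
#   kernel-only        kernel flag set, but this openssl still accepts MD5
#   off                kernel flag unset, MD5 accepted
#   md5-blocked-no-kernel-flag   MD5 refused although the kernel flag is unset
#   openssl-unusable   even SHA-1 fails, so nothing can be concluded
fips_state() {
    kernel=$(kernel_fips)
    if ! digest_works sha1; then
        echo "openssl-unusable"
    elif digest_works md5; then
        if [ "$kernel" = "1" ]; then echo "kernel-only"; else echo "off"; fi
    else
        if [ "$kernel" = "1" ]; then
            echo "enforcing"
        else
            echo "md5-blocked-no-kernel-flag"
        fi
    fi
}

# Report the state of the machine the script runs on.
fips_state
```

A result other than "enforcing" on a host that is supposed to run in FIPS mode is the case the answer describes: cryptography is still in use, but it is not the validated module.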