My understanding is no environment variable setting like OPENSSL_FIPS=0 will allow md5 or other algorithms found in Linux open source code to run which are not allowed under FIPS, e.g., see list, docs.oracle.com/cd/E36784_01/html/E54953/fips-notok-1.html

Barring any environment override to turn off FIPS, and assuming you can’t boot into a non-FIPS enabled kernel to run Freesurfer, then one alternative could be to run a container or VM that is not FIPS enabled and in turn run Freesurfer in that. That container/VM could be constrained with specific userids, limited mount points, limited network connections, etc.

There are examples of users running (even cloud based) container instances where they need to disable FIPS in order to run software/services, http://www.ibm.com/docs/en/cloud-private/3.2.0?topic=guide-enabling-disabling-fips-mode

We currently don’t have resources to test Freesurfer in a FIPS environment. But I would not expect FS to run under FIPS given the list in the above link.

- R.

On Jul 24, 2023, at 12:26, Salomon, Ryan <rsalo...@upenn.edu> wrote:

Hello! I'm trying to support our users who use Freesurfer on our systems, but we are trying to keep to a rollout of FIPS, without the need to employ any hacks or the like, and I don't believe non-FIPS is an option on our systems. We still encounter the crypt() error on Freesurfer versions greater than 7.1.1, and again, non-FIPS is likely not an option. There is an environment variable workaround that has been mentioned elsewhere and it doesn't seem to be working for me for mri_deface at least, and again, I really would like to see a word about a proper solution.

_______________________________________________
Freesurfer mailing list
Freesurfer@nmr.mgh.harvard.edu
https://mail.nmr.mgh.harvard.edu/mailman/listinfo/freesurfer