[ https://issues.apache.org/jira/browse/KUDU-3210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17225720#comment-17225720 ]
ASF subversion and git services commented on KUDU-3210: ------------------------------------------------------- Commit 46231c52f5f16c1613d92f3393724f3c4c15db22 in kudu's branch refs/heads/master from Attila Bukor [ https://gitbox.apache.org/repos/asf?p=kudu.git;h=46231c5 ] KUDU-3210 Disable digest authn in FIPS mode The webserver supports digest authentication, which is considered insecure as it's based on MD5. This doesn't comply with FIPS 140-2, so it needs to be disabled in FIPS approved mode. Squeasel also used to roll its own MD5 implementation instead of using OpenSSL's implementation. This commit also bumps the Squeasel version to the most recent commit that already removes the MD5 implementation in favor of OpenSSL's one. This is useful in case we need to catch some other non-FIPS-compliant usages in the future. This new version no longer supports PROPFIND and MKCOL methods, which we fortunately didn't use, but string matched the list of supported methods in tests. Change-Id: I4a446aa8d95a67658c727d3a6f85943d64c79ecf Reviewed-on: http://gerrit.cloudera.org:8080/16675 Reviewed-by: Alexey Serbin <aser...@cloudera.com> Tested-by: Attila Bukor <abu...@apache.org> > Support FIPS approved mode > -------------------------- > > Key: KUDU-3210 > URL: https://issues.apache.org/jira/browse/KUDU-3210 > Project: Kudu > Issue Type: Improvement > Reporter: Attila Bukor > Assignee: Attila Bukor > Priority: Major > > FIPS 140-2 is a standard used to approve cryptographic modules. Some versions > of OpenSSL support a "FIPS mode" where only approved algorithms and key sizes > are enabled. Kudu should be able to run when FIPS mode is enabled and should > provide a way for admins to require that FIPS mode is enabled. -- This message was sent by Atlassian Jira (v8.3.4#803005)