[ https://issues.apache.org/jira/browse/KUDU-3210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17225720#comment-17225720 ]

ASF subversion and git services commented on KUDU-3210:
-------------------------------------------------------

Commit 46231c52f5f16c1613d92f3393724f3c4c15db22 in kudu's branch 
refs/heads/master from Attila Bukor
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=46231c5 ]

KUDU-3210 Disable digest authn in FIPS mode

The webserver supports digest authentication, which is considered
insecure as it's based on MD5. This doesn't comply with FIPS 140-2, so
it needs to be disabled in FIPS approved mode.

Squeasel also used to roll its own MD5 implementation instead of using
OpenSSL's implementation. This commit also bumps the Squeasel version to
the most recent commit that already removes the MD5 implementation in
favor of OpenSSL's one. This is useful in case we need to catch some
other non-FIPS-compliant usages in the future. This new version no
longer supports PROPFIND and MKCOL methods, which we fortunately didn't
use, but string matched the list of supported methods in tests.

Change-Id: I4a446aa8d95a67658c727d3a6f85943d64c79ecf
Reviewed-on: http://gerrit.cloudera.org:8080/16675
Reviewed-by: Alexey Serbin <aser...@cloudera.com>
Tested-by: Attila Bukor <abu...@apache.org>


> Support FIPS approved mode
> --------------------------
>
>                 Key: KUDU-3210
>                 URL: https://issues.apache.org/jira/browse/KUDU-3210
>             Project: Kudu
>          Issue Type: Improvement
>            Reporter: Attila Bukor
>            Assignee: Attila Bukor
>            Priority: Major
>
> FIPS 140-2 is a standard used to approve cryptographic modules. Some versions 
> of OpenSSL support a "FIPS mode" where only approved algorithms and key sizes 
> are enabled. Kudu should be able to run when FIPS mode is enabled and should 
> provide a way for admins to require that FIPS mode is enabled.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
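
The commit message above disables digest authentication in FIPS mode because the scheme is built on MD5. The sketch below is an added example in Python, not code from the Kudu commit or from Squeasel: it computes an RFC 2617 digest response to show that every step is an MD5 call, and pairs it with a startup check. The function names and the use of the Linux `/proc/sys/crypto/fips_enabled` flag in place of OpenSSL's FIPS-mode query are assumptions.

```python
import hashlib

# Assumption: the Linux kernel flag stands in for OpenSSL's FIPS-mode query.
FIPS_FLAG_PATH = "/proc/sys/crypto/fips_enabled"


def md5_hex(text):
    """Hex MD5 of a string; RFC 2617 digest authn is built on this hash."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response for qop=auth: three MD5 computations in a row."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")   # credentials hash
    ha2 = md5_hex(f"{method}:{uri}")              # request hash
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def fips_enabled(path=FIPS_FLAG_PATH):
    """True when the flag file holds 1; a missing or unreadable file means off."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False


def allowed_auth_schemes(requested, fips):
    """Hypothetical startup check: refuse digest authn when FIPS mode is on."""
    if fips and "digest" in requested:
        raise ValueError("digest authn depends on MD5 and is disabled in FIPS mode")
    return list(requested)


if __name__ == "__main__":
    # Sample values from the worked example in RFC 2617 section 3.5.
    print(digest_response("Mufasa", "testrealm@host.com", "Circle Of Life",
                          "GET", "/dir/index.html",
                          "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          "00000001", "0a4f113b"))
    print("FIPS flag set:", fips_enabled())
```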
