Hi, Captain! On Aug 29, Captain Wiggum wrote: > Hi All, > > I have searched the archives and forums and cannot find an answer to > this question. > Does mariadb support FIPS, and if so, how or where is a document about > this.
Yes, it does. The link was earlier in the thread. > I use mariadb 10.3.17 with OpenSSL 1.0.2 with FIPS enabled, all > built from source. The fact that it works means that MariaDB supports FIPS, right? :) > In FIPS mode, SHA1 is disallowed by openssl, as required by FIPS. > However, when I search the mariadb code, SHA1 is used in many places. FIPS doesn't disallow SHA1. As far as I understand, it only doesn't allow to use SHA1 for digital signatures. And MariaDB doesn't do that. > How can I update mariadb to use sha256, without a ton of recoding? you cannot. if you don't want to use SHA1, use a different authentication plugin, for example, ed25519 or PAM. Regards, Sergei VP of MariaDB Server Engineering and secur...@mariadb.org _______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
