On Tue, Jun 28, 2011 at 11:24, Jennings, Jared L CTR USAF AFMC 46 SK/CCI <jared.jennings....@eglin.af.mil> wrote:
> I've just posted a feature request > <http://projects.puppetlabs.com/issues/8120> relating to FIPS 140-2 > compliance. I'm pointing to it here on the mailing list because I listed > there five places where Puppet (nay, Ruby!) crashed while I was testing > a deployment using FIPS mode on all hosts. It crashed because it tried > to use MD5, and OpenSSL in FIPS mode doesn't let you do that. When I > replaced these five usages of Digest::MD5 with Digest::SHA256, things > ran well, but it's merely a stopgap. Hey, thanks for filing away that request. We had previous folks asking for similar things, but no one indicated that FIPS compliant OpenSSL would absolutely refuse to work with MD5, full stop. Am I right in imagining, given your title, that FIPS mode is an absolute requirement for y'all to use Puppet on your systems? Regards, Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman <dan...@puppetlabs.com> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
