On Tue, May 01, 2012 at 06:26:05PM -0500, Anthony Liguori wrote: > On 05/01/2012 04:20 PM, Paul Moore wrote: > >FIPS 140-2 requires disabling certain ciphers, including DES, which is used > >by VNC to obscure passwords when they are sent over the network. The > >solution for FIPS users is to disable the use of VNC password auth when the > >host system is operating in FIPS mode. > > Sorry, what? > > Does FIPS really require software to detect when FIPS is enabled and > actively disable features??? That's absurd. > > Can you point to another software package that does something like this?
All the SSL libraries for a start (NSS, OpenSSL & GNUTLS). If we were using one of those for the VNC DES code we would be disabled. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
