From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: [Bug 56027] Unable to use TCN on RHEL6 boxes if box is booted in fips mode
Date: Fri, 17 Jan 2014 16:33:10 +0000
X-Bugzilla-Product: Tomcat Native
X-Bugzilla-Component: Library
X-Bugzilla-Version: 1.1.29
X-Bugzilla-Severity: normal
X-Bugzilla-Who: chris@christopherschultz.net
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2

https://issues.apache.org/bugzilla/show_bug.cgi?id=56027

--- Comment #3 from Christopher Schultz ---
This bug will likely require (at least) two separate patches: one for avoiding double-entry into FIPS mode, one for changing the key sizes used, and possibly one for creating a native-wrapper around the FIPS_mode function call so Java can inspect the current status and take appropriate action.

I think the best situation would be to allow the user to specify more than simply "on" versus "off" for the FIPSmode configuration attribute: it would be nice to use something like "on" to enable FIPS mode by calling FIPS_mode_set if necessary, "require" to require that FIPS mode already be enabled (or throw an exception and refuse to start the connector), or maybe a third option like "enter" which would attempt to enter FIPS mode and fail if FIPS mode were already enabled (this is the current behavior).
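
The option semantics proposed in the comment above, sketched as decision logic; this is an added example, not code from Tomcat Native or from the bug report. The `fips_ops` hooks, the error codes and the simulated state are hypothetical, and treating "off" as a no-op and "enter" as an explicit already-enabled check are assumptions; in an OpenSSL 1.0.x FIPS build the two hooks would be FIPS_mode and FIPS_mode_set.

```c
#include <stdio.h>
#include <string.h>

/* Simulated FIPS state, constructed for this example. In an OpenSSL 1.0.x
 * FIPS build the two hooks would be FIPS_mode() and FIPS_mode_set(). */
static int sim_fips = 0;       /* current mode: 0 = off, 1 = on */
static int sim_set_calls = 0;  /* how often the setter was invoked */
static int sim_mode(void) { return sim_fips; }
static int sim_mode_set(int on) { sim_set_calls++; sim_fips = on; return 1; }

typedef struct {
    int (*mode)(void);         /* query the current FIPS state */
    int (*mode_set)(int);      /* returns 1 on success, 0 on failure */
} fips_ops;                    /* hypothetical wrapper type */

enum { FIPS_OK = 0, FIPS_ERR_NOT_ENABLED, FIPS_ERR_ALREADY_ENABLED,
       FIPS_ERR_ENTER_FAILED, FIPS_ERR_BAD_OPTION };

/* Apply one of the option values discussed in the comment. */
int apply_fips_option(const fips_ops *ops, const char *opt)
{
    int enabled = ops->mode() != 0;

    if (strcmp(opt, "off") == 0)      /* assumption: leave state untouched */
        return FIPS_OK;
    if (strcmp(opt, "require") == 0)  /* inspect only, never change state */
        return enabled ? FIPS_OK : FIPS_ERR_NOT_ENABLED;
    if (strcmp(opt, "on") == 0) {     /* enter only if necessary */
        if (enabled)
            return FIPS_OK;           /* avoids double entry */
        return ops->mode_set(1) ? FIPS_OK : FIPS_ERR_ENTER_FAILED;
    }
    if (strcmp(opt, "enter") == 0) {  /* already enabled is an error */
        if (enabled)
            return FIPS_ERR_ALREADY_ENABLED;
        return ops->mode_set(1) ? FIPS_OK : FIPS_ERR_ENTER_FAILED;
    }
    return FIPS_ERR_BAD_OPTION;       /* refuse unknown values */
}

int main(void)
{
    fips_ops ops = { sim_mode, sim_mode_set };
    const char *opts[] = { "require", "on", "on", "enter", "require" };
    for (size_t i = 0; i < sizeof opts / sizeof opts[0]; i++)
        printf("%-8s -> %d\n", opts[i], apply_fips_option(&ops, opts[i]));
    return 0;
}
```

A caller such as the connector start-up path would treat any non-zero result as a reason to refuse to start rather than continue outside FIPS mode.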