8 Nov
2024
8 Nov
'24
2:53 a.m.
On Nov 7, 2024, at 6:46 PM, Timothy J. Ebben via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
Thank you for your advice. I was misled by an out-of-date reference. According to the following link, FreeRADIUS can be used with FIPS mode: https://networkradius.com/articles/2020/10/28/freeradius-fips.html
Specifically:
FreeRADIUS just passes a special flag EVP_MD_CTX_FLAG_NON_FIPS_ALLOW to the OpenSSL APIs!
Unfortunately, that flag has no effect in openssl version 3. Perhaps the above documentation could be updated.
It appears that OpenSSL3 change the behavior of their APIs. We'll take a look. Alan DeKok.