openssl FIPS mode
Timothy J. Ebben
tebben at freeporttech.com
Thu Nov 7 18:46:00 UTC 2024
Alan Dekok wrote:
> Don't enable FIPS mode. The RADIUS protocol uses MD5. MS-CHAP uses MD4.
Thank you for your advice. I was misled by an out-of-date reference. According to the following link, FreeRADIUS can be used with FIPS mode:
https://networkradius.com/articles/2020/10/28/freeradius-fips.html
Specifically:
> FreeRADIUS just passes a special flag EVP_MD_CTX_FLAG_NON_FIPS_ALLOW to the OpenSSL APIs!
Unfortunately, that flag has no effect in openssl version 3. Perhaps the above documentation could be updated.