cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Regarding the Support of NTLM with FIPS mode enabled in LibCurl

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Tue, 06 Jan 2015 09:45:59 +0100

On Friday 02 January 2015 17:43:14 Prash Dush wrote:
> Hi Mailer,
>
> Does libCurl support NTLM with FIPS mode enabled on Linux machines.?
>
> I can see there are local implementation in libCurl source Code where local
> implementation of MD4 and MD5 can be used instead of using openssl MD4 and
> MD5 implementation.

Whether the local implementation of MD4/MD5 will be used is decided solely
at the compile time. libcurl never fallbacks to the local implementation
of MD4/MD5 if the crypto backend returns an error. The actual problem is
that the NTLM implementation in libcurl ignores failures of the MD4/MD5/DES
algorithms all over the code. This needs to be fixed I guess.

Kamil

> Is it a kind of right approach to support ntlm with fips.
>
> Please let me know your thoughts...
>
>
> Thanks
> Dushyant
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-01-06