cURL / Mailing Lists / curl-library / Single Mail

curl-library

Is there a FIPS-compliant version of curl for NTLM ?

From: Paul D Rotter <pdrotter_at_us.ibm.com>
Date: Thu, 17 Mar 2016 18:16:42 +0000

Hello,

I am working on FIPS-compliance for our product which uses curl/openssl. I've built and verified the FIPS-compliant OpenSSL, but the one area where we are still receiving FIPS errors is in the curl NTLM authentication functions:

Curl_ntlm_core_mk_lm_hash

Curl_ntlm_core_lm_resp

These functions use a single DES cipher which is not FIPS-approved. In looking through the latest source (version 7.47.1) this is still true.

Is there any way (perhaps configuration or another module) to enforce FIPS compliance in these functions (use Triple DES instead of Single DES)?

Thank you,

Paul

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-03-17

This message: [ Message body ]
Next message: Dan Fandrich: "Re: curl api nghttp2 co-req ?"
Previous message: Daniel Stenberg: "RE: curl api nghttp2 co-req ?"
Next in thread: Daniel Stenberg: "Re: Is there a FIPS-compliant version of curl for NTLM ?"
Reply: Daniel Stenberg: "Re: Is there a FIPS-compliant version of curl for NTLM ?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]