duplicity-team team mailing list archive

Thread
Date

Re: [Question #689178]: Duplicity fails with FIPS enabled

To: duplicity-team@xxxxxxxxxxxxxxxxxxx
From: Kenneth Loafman <question689178@xxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 07 Mar 2020 20:47:28 -0000
Reply-to: question689178@xxxxxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Question #689178 on Duplicity changed:
https://answers.launchpad.net/duplicity/+question/689178

Kenneth Loafman posted a new comment:
https://www.google.com/search?q=ValueError%3A+error%3A060800A3%3Adigital+envelope+routines%3AEVP_DigestInit_ex%3Adisabled+for+fips&oq=ValueError%3A+error%3A060800A3%3Adigital+envelope+routines%3AEVP_DigestInit_ex%3Adisabled+for+fips&aqs=chrome..69i57j69i58j69i61.1581j0j7&sourceid=chrome&ie=UTF-8

Following that link will show you the mess that the hashlib is in.  I'm
not sure at this point which direction the software will take.
Redhat/Centos added an argument to allow use in non-secure manner, but
that's only a small part of the equation since that is not standard
across the majority of Linux.

Going to make a bug report out of it and see if we can get some non-
invasive answers.  Changing from md5/sha1 to something stronger makes no
sense since they are not being used for security and would be backwards
incompatible.

-- 
You received this question notification because your team duplicity-team
is an answer contact for Duplicity.