<div dir="ltr">The bug is publicly visible. You can follow it <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1092840">https://bugzilla.redhat.com/show_bug.cgi?id=1092840</a><div><br></div><div><br></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Wed, Apr 30, 2014 at 10:34 PM, Matthew Rinella <span dir="ltr"><<a href="mailto:MRinella@apptio.com" target="_blank">MRinella@apptio.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks Kaushal. I should have known to mention I was using FIPS from the start. Its interesting to see what enabling this breaks.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Are the bug reports publicly viewable? I’d like to view the progress.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Personally Id rather see it as a feature request to give the user the option to disable certain algorithms, or tell gluster it’s a fips environment so it automatically
does.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#ff671f">-Matt<u></u><u></u></span></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Kaushal M [mailto:<a href="mailto:kshlmster@gmail.com" target="_blank">kshlmster@gmail.com</a>]
<br>
<b>Sent:</b> Tuesday, April 29, 2014 10:21 PM<br>
<b>To:</b> Justin Clift<br>
<b>Cc:</b> Matthew Rinella; Gluster Users; Niels de Vos</span></p><div class=""><br>
<b>Subject:</b> Re: [Gluster-users] volume start causes glusterd to core dump in 3.5.0<u></u><u></u></div><p></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Just tested this. It is the use of MD5 in FIPS mode which is causing the crash. I'll open a bug so that this can be tracked.<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">~kaushal<u></u><u></u></p>
</div>
</div><div><div class="h5">
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Wed, Apr 30, 2014 at 10:01 AM, Kaushal M <<a href="mailto:kshlmster@gmail.com" target="_blank">kshlmster@gmail.com</a>> wrote:<u></u><u></u></p>
<div>
<p class="MsoNormal">I know about FIPS only by name and I'm not familiar with it.<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">A simple google search reveals that MD5 is not FIPS compliant and cannot be used in FIPS enabled mode. Can someone confirm this?<u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="color:#888888"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888">~kaushal<u></u><u></u></span></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Wed, Apr 30, 2014 at 5:25 AM, Justin Clift <<a href="mailto:justin@gluster.org" target="_blank">justin@gluster.org</a>> wrote:<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">On 29/04/2014, at 10:54 PM, Matthew Rinella wrote:<br>
> I have this result:<br>
><br>
> openssl-1.0.1e-16.el6_5.7.x86_64<u></u><u></u></p>
</div>
<p class="MsoNormal">Hmmm, that's the same version as a host here that's working.<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
> So Im going to admit I also have FIPS mode enabled on my hosts, which is necessary, unfortunately. This causes a huge problem with puppet because of the crypto algorithms allowed/disallowed. Im wondering if this is going to be an issue with gluster as
well.<u></u><u></u></p>
</div>
<p class="MsoNormal">Personally, I'm not sure. This *might* be the case atm.<br>
<br>
This sounds like something the product guys (Red Hat Storage) would<br>
be interested in, since playing well with FIPS mode may be needed<br>
for some financial institution/government type customers.<br>
<br>
Niels/Kaushal, any ideas?<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
+ Justin<br>
<br>
--<br>
Open Source and Standards @ Red Hat<br>
<br>
<a href="http://twitter.com/realjustinclift" target="_blank">twitter.com/realjustinclift</a><u></u><u></u></p>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div></div></div>
</div>
</blockquote></div><br></div>