Bug 479817

Summary: Do not call pairwise tests in non-FIPS mode
Product: Red Hat Enterprise Linux 5 Reporter: Tomas Mraz <tmraz>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: BaseOS QE <qe-baseos-auto>
Severity: medium Docs Contact:
Priority: low    
Version: 5.3CC: matt, ohudlick, sgrubb
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssl-0.9.8e-8.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-02 11:00:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 444768    

Description Tomas Mraz 2009-01-13 11:19:00 UTC 
The openssl package in RHEL-5.3 does not allow generating RSA keys smaller than about 384 bits. Such small keys are not practical so the bug severity is low but nevertheless in the non-FIPS mode the pairwise tests on newly generated RSA keys should not be called as they are not necessary and they always fail with very small key lengths.

So strictly speaking this is a regression but not a serious one.
Comment 5 errata-xmlrpc 2009-09-02 11:00:51 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1335.html