Hide Forgot
Description of problem: Version-Release number of selected component (if applicable): - freerdp-1.0.2-6.el7_2.1.x86_64 - freerdp-libs-1.0.2-6.el7_2.1.x86_64 - freerdp-plugins-1.0.2-6.el7_2.1.x86_64 How reproducible: Steps to Reproduce: 1. enable FIPS mode 2. attempt to connect to a RDP host 3. Actual results: [2016-08-03 09:13] user@rhel ~: $sysctl crypto.fips_enabled crypto.fips_enabled = 1 [2016-08-03 09:13] user@rhel ~: $xfreerdp -d NETSERVICES -g 1680x1020 -u ksf --plugin cliprdr --plugin rdpsnd --plugin drdynvc --data tsmf:audio:pulse -- ws-kodiakbear.sei.cmu.edu loading plugin cliprdr loading plugin rdpsnd loading plugin drdynvc connected to host:3389 Password: md4_dgst.c(74): OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! Aborted (core dumped) Expected results: - successful connection Additional info:
This issue appears to be identical to the one identified in https://bugzilla.redhat.com/show_bug.cgi?id=1347920 for RHEL 6
https://github.com/FreeRDP/FreeRDP/issues/3412
It seems it is fixable. I added some notes to the upstream bug report, however, I didn't have time to propose fix yet, sorry: https://github.com/FreeRDP/FreeRDP/issues/3412#issuecomment-263958217
I proposed the following pull request: https://github.com/FreeRDP/FreeRDP/pull/3877 which have been superseded by: https://github.com/FreeRDP/FreeRDP/pull/3904 which will be hopefully merged upstream soon...
Just a note that FIPS encryption method is automatically used and NLA authentication is automatically disabled with this build if OpenSSL operates in FIPS mode. NLA can't be used, because FreeRDP implements only NTLM, which requires MD5, which isn't FIPS compliant.
Have tested on x86_64 system running in FIPS mode with freerdp-1.0.2-13.el7.x86_64 and got mentioned error: md4_dgst.c(75): OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! Aborted (core dumped) After update to freerdp-1.0.2-14.el7.x86_64 it works fine.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0724