Red Hat Bugzilla – Bug 479817
Do not call pairwise tests in non-FIPS mode
Last modified: 2009-09-02 07:00:51 EDT
The openssl package in RHEL-5.3 does not allow generating RSA keys smaller than about 384 bits. Such small keys are not practical so the bug severity is low but nevertheless in the non-FIPS mode the pairwise tests on newly generated RSA keys should not be called as they are not necessary and they always fail with very small key lengths.
So strictly speaking this is a regression but not a serious one.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.