Bug 845112 - pptp fails mppe in FIPS mode, request to document this
Summary: pptp fails mppe in FIPS mode, request to document this
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pptp
Version: 17
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Paul Howarth
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-08-01 19:51 UTC by Paul Wouters
Modified: 2012-09-17 22:24 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-17 22:24:16 UTC
Type: Bug


Attachments (Terms of Use)

Description Paul Wouters 2012-08-01 19:51:44 UTC
Description of problem:
pptp/pppd fails to load the ppp_mppe module in FIPS mode. This is probably correct, as PPTP is broken and not even non-fips users should be using this.

But the error is not clear at all and it took me quite some time to pinpoint the cause.

Suggestion to add some text in /etc/ppp/options.pptp:

 # Encryption
 # (There have been multiple versions of PPP with encryption support,
 # choose with of the following sections you will use.  Note that MPPE
 # requires the use of MSCHAP-V2 during authentication)
+# If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module
+# is not allowed and PPTP-MPPE is not available.

Comment 1 Fedora Update System 2012-08-31 10:15:52 UTC
pptp-1.7.2-17.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/pptp-1.7.2-17.fc18

Comment 2 Paul Howarth 2012-08-31 10:20:33 UTC
I've added commentary about this (and also about the particular insecurity of MS-CHAPv2) in options.pptp in F-18 and Rawhide, and also upstream.

I don't really think this warrants an update in F-17 though.

Comment 3 Fedora Update System 2012-08-31 16:01:30 UTC
Package pptp-1.7.2-17.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pptp-1.7.2-17.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-13056/pptp-1.7.2-17.fc18
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2012-09-17 22:24:16 UTC
pptp-1.7.2-17.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.