Bug 845112 - pptp fails mppe in FIPS mode, request to document this
pptp fails mppe in FIPS mode, request to document this
Product: Fedora
Classification: Fedora
Component: pptp (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Paul Howarth
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-08-01 15:51 EDT by Paul Wouters
Modified: 2012-09-17 18:24 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-09-17 18:24:16 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Paul Wouters 2012-08-01 15:51:44 EDT
Description of problem:
pptp/pppd fails to load the ppp_mppe module in FIPS mode. This is probably correct, as PPTP is broken and not even non-fips users should be using this.

But the error is not clear at all and it took me quite some time to pinpoint the cause.

Suggestion to add some text in /etc/ppp/options.pptp:

 # Encryption
 # (There have been multiple versions of PPP with encryption support,
 # choose with of the following sections you will use.  Note that MPPE
 # requires the use of MSCHAP-V2 during authentication)
+# If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module
+# is not allowed and PPTP-MPPE is not available.
Comment 1 Fedora Update System 2012-08-31 06:15:52 EDT
pptp-1.7.2-17.fc18 has been submitted as an update for Fedora 18.
Comment 2 Paul Howarth 2012-08-31 06:20:33 EDT
I've added commentary about this (and also about the particular insecurity of MS-CHAPv2) in options.pptp in F-18 and Rawhide, and also upstream.

I don't really think this warrants an update in F-17 though.
Comment 3 Fedora Update System 2012-08-31 12:01:30 EDT
Package pptp-1.7.2-17.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pptp-1.7.2-17.fc18'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2012-09-17 18:24:16 EDT
pptp-1.7.2-17.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.