When fips=1 is set on the kernel command line, the hmac(md5) algorithm is not usable. This leads to errors when listen() is called with the default configuration. So this leads me to the following questions: Does it make sense to change the default value when fips mode is enabled? If so, does it make more sense to handle it in userspace via sysctl, or enforce directly in the SCTP stack? It seems easy enough to check for the fips_enabled variable and disallow setting md5 through the kernel directly. Regards, Karl -- To unsubscribe from this list: send the line "unsubscribe linux-sctp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
