fix: ci: tests: Use FIPS compatible DH-param files (!9807) · Merge requests · ISC Open Source Projects / BIND

Artem Boldariev requested to merge 5074-fips-compatible-dhparams into main Dec 03, 2024

When the tests were added, the files were generated without FIPS compatibility in mind. That made the tests fail on recent OpenSSL versions in FIPS mode.

So, the files were regenerated on a FIPS compliant system using the following stanza:

$ openssl dhparam -out <file> 3072

Apparently, the old files are not valid for FIPS starting with OpneSSL 3.1.X release series as "FIPS 140-3 compliance changes" are mentioned in the changelog.

Closes #5074 (closed).

Edited Dec 03, 2024 by Artem Boldariev

fix: ci: tests: Use FIPS compatible DH-param files

Merge request reports