Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-5281

Encryption used by Galera should be allowed in FIPS mode

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • rhos-18.0.0
    • mariadb-operator
    • None
    • Change default Galera cypher with FIPS is in use
    • False
    • Hide

      None

      Show
      None
    • False
    • OSPRH-787FIPS Support in OSO 18.0
    • Not Selected
    • Proposed
    • Proposed
    • To Do
    • OSPRH-787 - FIPS Support in OSO 18.0
    • Proposed
    • Proposed
    • Approved

      The Galera service uses so-called GCOMM protocol to communicate between galera nodes, over an encrypted channel.

      The default encryption method uses AES128-SHA256, which is forbidden when FIPS-mode is enabled. When FIPS is enabled, OSP 17 uses ECDHE-RSA-AES256-GCM-SHA384.

       

            rhn-engineering-dciabrin Damien Ciabrini
            rhn-engineering-dciabrin Damien Ciabrini
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: