Hello,

I am trying to get ProFTPD to work with TLS in FIPS mode. This is a
Linux system running CentOS 5 64-bit. I built openssl-fips-1.1.2 from
source.

I have compiled ProFTPD 1.3.2rc1 as follows:

../configure --prefix=/usr/local/proftpd --disable-ident \
  --with-modules=mod_tls --with-includes=/usr/local/openssl-fips/include \
  --with-libraries=/usr/local/openssl-fips/lib
make CC=/usr/local/openssl-fips/bin/fipsld FIPSLD_CC=gcc
make CC=/usr/local/openssl-fips/bin/fipsld FIPSLD_CC=gcc install


Starting up ProFTPD as normal with mod_tls configured works fine. I
can connect in TLS mode from FileZilla client.


Then I start up ProFTPD with FIPS enabled, as follows:

/usr/local/proftpd/sbin/proftpd -DTLS_USE_FIPS

It starts up fine. But when connecting from an FTP client with TLS, it
gives this error:


May 16 11:29:52 mod_tls/2.2[9810]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
May 16 11:29:52 mod_tls/2.2[9810]: TLS/TLS-C requested, starting TLS handshake
May 16 11:29:52 mod_tls/2.2[9810]: unable to accept TLS connection:
(1) error:24066067:random number generator:FIPS_RAND_BYTES:prng not rekeyed
(2) error:140B512D:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed
May 16 11:29:52 mod_tls/2.2[9810]: TLS/TLS-C negotiation failed on control channel



A search for the "prng not rekeyed" error indicates it is due to
threads getting different PIDs. But I don't see how to resolve this
issue.

Any ideas or suggestions would be appreciated.

Thank you,

Mark
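
Added illustration, not part of the original post and not ProFTPD or OpenSSL code: a toy generator with a PID guard, showing how a child process forked after keying is refused output until it rekeys, which is the kind of PID mismatch the post's search result points to. All names (toy_rand_seed, toy_rand_bytes, child_can_draw) and the seed value are hypothetical, and that the FIPS PRNG applies a guard of this shape is an assumption.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy generator state (hypothetical; NOT the OpenSSL FIPS PRNG, not for real use). */
static unsigned long long state;
static pid_t key_pid;                  /* PID that last keyed the generator */

/* Key the generator and remember which process did it. */
void toy_rand_seed(unsigned long long seed) {
    state = seed ? seed : 1;           /* xorshift state must be non-zero */
    key_pid = getpid();
}

/* Return 1 on success, 0 if the calling process never keyed the generator. */
int toy_rand_bytes(unsigned char *buf, size_t n) {
    if (key_pid != getpid())
        return 0;                      /* analogous to "prng not rekeyed" */
    for (size_t i = 0; i < n; i++) {
        state ^= state << 13; state ^= state >> 7; state ^= state << 17;
        buf[i] = (unsigned char)(state >> 32);
    }
    return 1;
}

/* Key in the parent, fork, and report whether the child could draw bytes.
 * Returns 1 or 0, or -1 on error. A real rekey would use fresh entropy. */
int child_can_draw(int rekey_in_child) {
    unsigned char buf[16];
    int status;
    toy_rand_seed(0x1234abcdULL);      /* constructed seed, demo only */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                    /* child inherits state but has a new PID */
        if (rekey_in_child)
            toy_rand_seed(0x1234abcdULL ^ (unsigned long long)getpid());
        _exit(toy_rand_bytes(buf, sizeof buf) ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void) {
    printf("child without rekey: %d\n", child_can_draw(0));
    printf("child with rekey:    %d\n", child_can_draw(1));
    return 0;
}
```

The guard exists so that parent and child never emit the same output stream from a copied state; the check to make in a forking server is that the rekey happens after the fork, in the process that will use the generator.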
