In the case of Bullseye (SONiC 202311), to include fixes for certain CVEs such as CVE-2023-48795, we see a need to recompile sonic-fips, importing the patches of interest from Debian into the openssh/openssl patchset.
Does this process of recompiling sonic-fips without any changes to the SymCrypt/SymCrypt-OpenSSL repos, but with patches to openssh/openssl etc., and using the built debs, invalidate the FIPS 140-3 certificate?
We wanted to clarify whether the certification also includes specific versions of openssh/openssl and other FIPS-associated packages as well. If that is the case, we would wait for (#57) to be merged and use the binaries from the public storage.