Re: [libvirt] [PATCH] security: fix DH key generation when FIPS mode is on

On Thu, Sep 04, 2014 at 10:33:37AM +0200, Giuseppe Scrivano wrote: > When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is > specified as the prime's number of bits, a bigger value works in both > cases. > > Signed-off-by: Giuseppe Scrivano <gscrivan(a)redhat.com&gt; > --- > > with the development version of GNU TLS is possible to test FIPS mode > setting the env variable GNUTLS_FORCE_FIPS_MODE=2 How about we set that env variable in our two TLS tests too, because we really want libvirt to be always able to run in FIPS mode.