bci-base needs extra environment variables to enforce FIPS mode
Summary
The OpenSSL and GCrypt libraries in the base container image need additional environment variables to enforce FIPS 140-2/3 mode in all cases.
What is the current bug behavior?
we're missing the enforcement of FIPS mode in LIBGCRYPT and the openssl command line utility
What is the expected correct behavior?
we need to add
ENV OPENSSL_FIPS=1
ENV LIBGCRYPT_FORCE_FIPS_MODE=1
Tasks
-
Bug has been identified and corrected within the container
Please read the Iron Bank Documentation for more info