Skip to content

Disable NLA in FIPS mode#54048

Merged
probakowski merged 4 commits intomasterfrom
probakowski/fips-disable-nla
Jul 30, 2025
Merged

Disable NLA in FIPS mode#54048
probakowski merged 4 commits intomasterfrom
probakowski/fips-disable-nla

Conversation

@probakowski
Copy link
Copy Markdown
Contributor

@probakowski probakowski commented Apr 15, 2025
edited
Loading

Encryption used sspi is not FIPS-compliant, because of that, for now, we will disable NLA in FIPS mode

changelog: Disable NLA in FIPS mode

@probakowski probakowski added desktop-access no-changelog Indicates that a PR does not require a changelog entry backport/branch/v16 backport/branch/v17 labels Apr 15, 2025
@probakowski probakowski requested a review from zmb3 April 15, 2025 19:17
@github-actions github-actions bot requested review from gzdunek and kimlisa April 15, 2025 19:18
@zmb3
Copy link
Copy Markdown
Collaborator

zmb3 commented Apr 15, 2025

This approach means that NLA will never work on FIPS builds. This is okay if it's our only option, but some people prefer to run the FIPS builds even where FIPS is not required and they just don't set the --fips flag when starting Teleport.

How hard would it be to check whether the --fips flag is enabled instead of doing this at compile-time?

@probakowski
Copy link
Copy Markdown
Contributor Author

probakowski commented Apr 16, 2025

Not that hard, I changed it

@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from kimlisa May 8, 2025 19:43
@zmb3
Copy link
Copy Markdown
Collaborator

zmb3 commented May 16, 2025

@probakowski let's get this merged next week.

@probakowski probakowski added this pull request to the merge queue Jul 30, 2025
Merged via the queue into master with commit c16ee3c Jul 30, 2025
39 checks passed
@probakowski probakowski deleted the probakowski/fips-disable-nla branch July 30, 2025 10:28
@backport-bot-workflows
Copy link
Copy Markdown
Contributor

backport-bot-workflows bot commented Jul 30, 2025

@probakowski See the table below for backport results.

Branch Result
branch/v16 Failed
branch/v17 Failed
branch/v18 Failed

probakowski added a commit that referenced this pull request Jul 30, 2025
@probakowski
Disable NLA in FIPS mode (#54048)
4825484 
* Disable NLA in FIPS mode

* Disable NLA in FIPS mode

* lint
@probakowski probakowski mentioned this pull request Jul 30, 2025
Merged
probakowski added a commit that referenced this pull request Jul 30, 2025
@probakowski
Disable NLA in FIPS mode (#54048)
0645b2f 
* Disable NLA in FIPS mode

* Disable NLA in FIPS mode

* lint
@probakowski probakowski mentioned this pull request Jul 30, 2025
Merged
probakowski added a commit that referenced this pull request Jul 30, 2025
@probakowski
Disable NLA in FIPS mode (#54048)
82ddb0d 
* Disable NLA in FIPS mode

* Disable NLA in FIPS mode

* lint
@probakowski probakowski mentioned this pull request Jul 30, 2025
Merged
@probakowski probakowski removed the no-changelog Indicates that a PR does not require a changelog entry label Jul 30, 2025
github-merge-queue bot pushed a commit that referenced this pull request Jul 30, 2025
@probakowski
[v16] Disable NLA in FIPS mode (#57309)
0f69c9e 
* Disable NLA in FIPS mode (#54048)

* Disable NLA in FIPS mode

* Disable NLA in FIPS mode

* lint

* Update docs for NLA in FIPS mode (#57310)
github-merge-queue bot pushed a commit that referenced this pull request Jul 30, 2025
@probakowski
[v17] Disable NLA in FIPS mode (#57308)
e866d84 
* Disable NLA in FIPS mode (#54048)

* Disable NLA in FIPS mode

* Disable NLA in FIPS mode

* lint

* Update docs for NLA in FIPS mode (#57310)
github-merge-queue bot pushed a commit that referenced this pull request Jul 30, 2025
@probakowski
[v16] Disable NLA in FIPS mode (#57309)
f6a92f8 
* Disable NLA in FIPS mode (#54048)

* Disable NLA in FIPS mode

* Disable NLA in FIPS mode

* lint

* Update docs for NLA in FIPS mode (#57310)
github-merge-queue bot pushed a commit that referenced this pull request Jul 30, 2025
@probakowski
[v18] Disable NLA in FIPS mode (#57307)
00f8547 
* Disable NLA in FIPS mode (#54048)

* Disable NLA in FIPS mode

* Disable NLA in FIPS mode

* lint

* Update docs for NLA in FIPS mode (#57310)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zmb3 zmb3 zmb3 approved these changes

@gzdunek gzdunek gzdunek approved these changes

Assignees

No one assigned

Labels

backport/branch/v17 backport/branch/v18 desktop-access rdp size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@probakowski @zmb3 @gzdunek