authorJay Mundrawala <jdmundrawala@gmail.com>2015-12-11 10:31:27 -0800
committerJay Mundrawala <jdmundrawala@gmail.com>2016-01-25 09:51:06 -0800
commit0a3affad66cadc1e9a32afc31160cc1304ef331b (patch)
tree78fb30b87357173e9664c592ca63bc442c2cafbd /chef-config
parentd999373538ad9861ad8176d2ecd1ead02d487814 (diff)
Use sign v1.3 when fips mode is selected
Diffstat (limited to 'chef-config')
-rw-r--r--chef-config/lib/chef-config/config.rb13
1 files changed, 11 insertions, 2 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index 5705ffbf56..124c5d6464 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -450,10 +450,19 @@ module ChefConfig
# Where should chef-solo download recipes from?
default :recipe_url, nil
+ # Set to true if Chef is to set OpenSSL to run in FIPS mode
+ default :openssl_fips, false
+
# Sets the version of the signed header authentication protocol to use (see
# the 'mixlib-authorization' project for more detail). Currently, versions
- # 1.0 and 1.1 are available.
- default :authentication_protocol_version, "1.1"
+ # 1.0, 1.1, and 1.3 are available.
+ default :authentication_protocol_version do
+ if openssl_fips
+ "1.3"
+ else
+ "1.1"
+ end
+ end
# This key will be used to sign requests to the Chef server. This location
# must be writable by Chef during initial setup when generating a client