The usedforsecurity parameter is supported only in RHEL/CentOS 6,7.
The issue cannot be resolved on Ubuntu 1604.
The md5 is used for generating ETag header and whether the page
content is cached. If not cached, the content is just rendered and
sent to the client.
We could use sha1 rather than md5 because it is not needed to keep the
value between Trac versions. However, md5 is used in also
trac/web/auth.py to implement HTTP digest authentication and cannot be
removed. Therefore, HTTP digest authentication cannot be used with
FIPS 140-2 environment.
If you don't need FIPS 140-2, try to disable FIPS 140-2.
diff --git a/trac/web/api.py b/trac/web/api.py
index f98d1a93d..b93f4af36 100644
--- a/trac/web/api.py
+++ b/trac/web/api.py
@@ -19,7 +19,7 @@ from BaseHTTPServer import BaseHTTPRequestHandler
from Cookie import CookieError, BaseCookie, SimpleCookie
import cgi
from datetime import datetime
-from hashlib import md5
+from hashlib import sha1
import new
import mimetypes
import os
@@ -636,7 +636,7 @@ class Request(object):
so that consecutive requests can be cached.
"""
if isinstance(extra, list):
- m = md5()
+ m = sha1()
for elt in extra:
m.update(repr(elt))
extra = m.hexdigest()
--
Jun Omae <
jun...@gmail.com> (大前 潤)