Hi, ... Along with TLS 1.0 (which is absent from OpenSSL FIPS mode) https://www.niap-ccevs.org/pp/pp.cfm?id=CPP_ND_V1.0 Specifically: "FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0" "FCS_TLSS_EXT.2.2 The TSF shall deny connections from clients requesting SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0" In this case, would it be possible to simply compile OpenSSL without support for SSL 3.0, while having FIPS mode taking care of the rest ? I do not remeber the exact option now, although I'm almost sure there's a compile option to exclude SSL 3.0. Am I right and would that work ? Regards. -- View this message in context: http://openssl.6102.n7.nabble.com/FIPS-SSL-3-0-now-forbidden-in-latest-NDCPP-update-tp57695.html Sent from the OpenSSL - User mailing list archive at Nabble.com.
