FIPS: SSL 3.0 now forbidden in latest NDCPP update

On Fri, Apr 24, 2015, jonetsu wrote:

> 
>   ... Along with TLS 1.0 (which is absent from OpenSSL FIPS mode)
> 
> https://www.niap-ccevs.org/pp/pp.cfm?id=CPP_ND_V1.0
> 
> Specifically:
> 
> "FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0"
> 
> "FCS_TLSS_EXT.2.2 The TSF shall deny connections from clients requesting SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0"
> 
> In this case, would it be possible to simply compile OpenSSL without support
> for SSL 3.0, while having FIPS mode taking care of the rest?  I do not
> remember the exact option now, although I'm almost sure there's a compile
> option to exclude SSL 3.0.  Am I right and would that work?
> 

In FIPS mode SSL 3.0 is not allowed: that has always been the case. TLS 1.0 is
currently permitted though.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
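
The requirement quoted in this thread turns on the protocol version a client asks for. As an added illustration (not part of either message, and not OpenSSL code), the Python example below reads that version from the first bytes of a ClientHello and applies the deny rule; the function names and the sample byte strings are constructed for the example.

```python
# Added illustration; not code from the thread or from OpenSSL.
import struct

TLS_1_1 = 0x0302  # lowest client_version the quoted requirement lets through
NAMES = {0x0002: "SSL 2.0", 0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
         0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def requested_version(hello: bytes) -> int:
    """Return the protocol version field of a ClientHello as an integer."""
    if len(hello) >= 5 and hello[0] & 0x80 and hello[2] == 0x01:
        # SSLv2-format hello: 2-byte length with the high bit set,
        # message type 1 (CLIENT-HELLO), then the version.
        return struct.unpack_from("!H", hello, 3)[0]
    if len(hello) >= 11 and hello[0] == 0x16 and hello[5] == 0x01:
        # 5-byte record header + 4-byte handshake header, then client_version.
        # The record header's own version (bytes 1-2) is deliberately ignored:
        # clients commonly put 0x0301 there even when offering TLS 1.2.
        return struct.unpack_from("!H", hello, 9)[0]
    raise ValueError("not a ClientHello")


def version_name(version: int) -> str:
    return NAMES.get(version, f"unknown (0x{version:04x})")


def must_deny(hello: bytes) -> bool:
    """True for clients requesting SSL 2.0, SSL 3.0 or TLS 1.0."""
    # A TLS 1.3 client still sends 0x0303 in this field, so it passes.
    return requested_version(hello) < TLS_1_1


def tls_hello(version: int) -> bytes:
    """Constructed sample: start of a ClientHello with the given client_version."""
    body = struct.pack("!H", version) + bytes(32)  # client_version + random
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed sample: SSLv2-format hello header advertising SSL 2.0.
SSLV2_HELLO = b"\x80\x09\x01\x00\x02\x00\x00\x00\x00\x00\x00"

if __name__ == "__main__":
    for sample in (SSLV2_HELLO, *(tls_hello(v) for v in (0x0300, 0x0301, 0x0302, 0x0303))):
        verdict = "deny" if must_deny(sample) else "allow"
        print(f"{version_name(requested_version(sample)):8} {verdict}")
```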

