FIPS: SSL 3.0 now forbidden in latest NDCPP update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

> In FIPS mode SSL 3.0 is not allowed: that has always been the
> case.

% openssl version
OpenSSL 1.0.1f 6 Jan 2014

% OPENSSL_FIPS=1 openssl ciphers -v | grep SSL

ECDHE-RSA-AES256-SHA    SSLv3
ECDHE-ECDSA-AES256-SHA  SSLv3
DHE-RSA-AES256-SHA      SSLv3
DHE-DSS-AES256-SHA      SSLv3
[snipped]

All of the others are TLSv1.2.

Why is SSLv3.0 seen in FIPS mode on this install ?

> TLS 1.0 is currently permitted though. 

As far as OpenSSL is concerned, will any action to remove TLSv.10
only be taken when put into a FIPS frame, eg. the recent
NDCPPv1.0 is not enough ground to make a change ?

Regards.




--
View this message in context: http://openssl.6102.n7.nabble.com/FIPS-SSL-3-0-now-forbidden-in-latest-NDCPP-update-tp57695p57707.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux