On Fri, Apr 24, 2015, jonetsu wrote:

> Hello,
>
> > In FIPS mode SSL 3.0 is not allowed: that has always been the
> > case.
>
> % openssl version
> OpenSSL 1.0.1f 6 Jan 2014
>
> % OPENSSL_FIPS=1 openssl ciphers -v | grep SSL
>
> ECDHE-RSA-AES256-SHA SSLv3
> ECDHE-ECDSA-AES256-SHA SSLv3
> DHE-RSA-AES256-SHA SSLv3
> DHE-DSS-AES256-SHA SSLv3
> [snipped]
>
> All of the others are TLSv1.2.
>
> Why is SSLv3.0 seen in FIPS mode on this install?
>

That refers to the minimum version of the ciphersuite: it doesn't imply that
it will only be used in SSLv3 (which is disabled in FIPS mode).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
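The point of the reply above, as an added example that is not part of the original thread or of OpenSSL: it reads the second column of `openssl ciphers -v` as a minimum protocol version and lists which suites each enabled protocol can negotiate. The sample lines are constructed, and the function names and the set of protocols left enabled in FIPS mode (everything except SSLv3) are assumptions.

```python
# Added illustration: treat column 2 of `openssl ciphers -v` as the MINIMUM
# protocol version of each suite (covers versions up to TLSv1.2 only).
PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

# Assumption: FIPS mode leaves every protocol except SSLv3 enabled.
FIPS_PROTOCOLS = ["TLSv1", "TLSv1.1", "TLSv1.2"]

# Constructed sample in the `openssl ciphers -v` layout, not captured output.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
"""


def parse_ciphers(text):
    """Return (suite, minimum_protocol) pairs from `openssl ciphers -v` text."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[1] not in PROTOCOL_ORDER:
            continue  # skip blank or unrecognised lines
        pairs.append((fields[0], fields[1]))
    return pairs


def usable_suites(text, enabled_protocols):
    """Map each enabled protocol to the suites whose minimum version it meets."""
    pairs = parse_ciphers(text)
    result = {}
    for proto in enabled_protocols:
        rank = PROTOCOL_ORDER.index(proto)
        result[proto] = [suite for suite, minimum in pairs
                         if PROTOCOL_ORDER.index(minimum) <= rank]
    return result


def unreachable_suites(text, enabled_protocols):
    """Suites whose minimum version is above every enabled protocol."""
    top = max(PROTOCOL_ORDER.index(p) for p in enabled_protocols)
    return [suite for suite, minimum in parse_ciphers(text)
            if PROTOCOL_ORDER.index(minimum) > top]


if __name__ == "__main__":
    for proto, suites in usable_suites(SAMPLE, FIPS_PROTOCOLS).items():
        print(f"{proto}: {', '.join(suites)}")
```

With SSLv3 removed from the enabled set, the suites labelled `SSLv3` still appear under TLSv1, TLSv1.1 and TLSv1.2, which is why they remain in the FIPS-mode listing.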