HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks to all that replied to this thread. I now understand and was able to generate my TLS KDF test.

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Gibbons, Lee D (Doug)
Sent: Thursday, January 22, 2015 7:42 AM
To: openssl-users at openssl.org
Subject: Re: HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7


NIST addresses TLS 1.0-1.2 KDFs in SP 800-135rev1. For 140-2 validation the KDF would be tested via NIST's ASKDFVS. For those riding on the shirttails of #1747, note that the TLS KDF component is implemented in the FIPS-capable OpenSSL library code *outside* of the FIPS Object Module. Though the TLS KDF algorithm may in general be Approved, the OpenSSL FIPS Object Module does not appear to provide a validated TLS KDF. I don't see a CVL cert for TLS KDF listed in #1747.

Doug Gibbons

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Dave Thompson
Sent: Wednesday, January 21, 2015 11:21 PM
To: openssl-users at openssl.org
Subject: Re: HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7

> From: openssl-users On Behalf Of Dr. Stephen Henson
> Sent: Wednesday, January 21, 2015 09:28

> On Wed, Jan 21, 2015, John Laundree wrote:
> 
> > Ok, so I will naively ask the question "How does one do TLS 1.0/1.1 
> > in
FIPS
> mode? Or is this no longer allowed, i.e. TLS 1.2 only?"
> 
> The use of MD5 for TLS 1.0/1.1 is treated as an exception which is 
> allowed
in
> FIPS mode but general MD5 use is not.
> 
To be exact, as I read it, the TLS1.0/1.1 *PRF* *combines* MD5+SHA1 for handshake/keyexchange, and is Approved on the basis that the combination is secure even if MD5 is not. The SSL3 PRF combines them more weakly and isn't Approved so SSL3 protocol is prohibited. Suites using (pure) HMAC-MD5 for data are not Approved, in any protocol version. 

And as you say MD5 as such is not allowed anywhere.



_______________________________________________
openssl-users mailing list
To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Dusers&d=AwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=LlsENUS4HI1fg4eMsTxoSOs4zCv38ATLKf-JAHPNl7Q&m=QTOtp0d9KSfYrkzv8qkvuAeqCnPPdxocPR9NO4Au94o&s=08xVu7r1MvSU4yef2ePC4MW_OpSkYmSBF0NjkrWTOew&e=
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux