Thanks to all that replied to this thread. I now understand and was able to generate my TLS KDF test. -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Gibbons, Lee D (Doug) Sent: Thursday, January 22, 2015 7:42 AM To: openssl-users at openssl.org Subject: Re: HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7 NIST addresses TLS 1.0-1.2 KDFs in SP 800-135rev1. For 140-2 validation the KDF would be tested via NIST's ASKDFVS. For those riding on the shirttails of #1747, note that the TLS KDF component is implemented in the FIPS-capable OpenSSL library code *outside* of the FIPS Object Module. Though the TLS KDF algorithm may in general be Approved, the OpenSSL FIPS Object Module does not appear to provide a validated TLS KDF. I don't see a CVL cert for TLS KDF listed in #1747. Doug Gibbons -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Dave Thompson Sent: Wednesday, January 21, 2015 11:21 PM To: openssl-users at openssl.org Subject: Re: HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7 > From: openssl-users On Behalf Of Dr. Stephen Henson > Sent: Wednesday, January 21, 2015 09:28 > On Wed, Jan 21, 2015, John Laundree wrote: > > > Ok, so I will naively ask the question "How does one do TLS 1.0/1.1 > > in FIPS > mode? Or is this no longer allowed, i.e. TLS 1.2 only?" > > The use of MD5 for TLS 1.0/1.1 is treated as an exception which is > allowed in > FIPS mode but general MD5 use is not. > To be exact, as I read it, the TLS1.0/1.1 *PRF* *combines* MD5+SHA1 for handshake/keyexchange, and is Approved on the basis that the combination is secure even if MD5 is not. The SSL3 PRF combines them more weakly and isn't Approved so SSL3 protocol is prohibited. Suites using (pure) HMAC-MD5 for data are not Approved, in any protocol version. And as you say MD5 as such is not allowed anywhere. _______________________________________________ openssl-users mailing list To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Dusers&d=AwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=LlsENUS4HI1fg4eMsTxoSOs4zCv38ATLKf-JAHPNl7Q&m=QTOtp0d9KSfYrkzv8qkvuAeqCnPPdxocPR9NO4Au94o&s=08xVu7r1MvSU4yef2ePC4MW_OpSkYmSBF0NjkrWTOew&e= _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
