Hi Steve, Thanks a lot for the response. We are not using SSL 3.0. It is completely disabled in the stack. This issue is happening in TLS 1.0/ TLS 1.2 both. We are using OpenSSL 1.0.1c. I did not try using s_client. However I found the issue is fixed with the latest release of OpenSSL 1.0.2d. API's changed are EVP_MD_flags from evp_lib.c and pkey_fips_check_ctx from rsa_pmeth.c Regards Jayalakshmi On Fri, Jul 17, 2015 at 4:20 AM, Dr. Stephen Henson <steve at openssl.org> wrote: > On Thu, Jul 16, 2015, Jayalakshmi bhat wrote: > > > Hi All, > > > > I am using OpenSSL library for a SSL client performing mutual > > authentication. RSA certificate used is signed with SHA512 digest. When I > > switch to FIPS mode and perform re-authentication, I am hitting an > > error :0409A09E:lib(4):func(154):reason(158). Cipher used is AES128-SHA. > > > > Can any one tell me what could be the possible issue? > > > > A bit more information would be helpful. When you say "SSL client" do you > mean > using SSL v3.0 or TLS? SSL 3.0 isn't allowed in FIPS mode but I'd expect a > different error. > > Which version of OpenSSL are you using? Can you reproduce the error using > s_client? > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150717/8a93847c/attachment.html>
