On Wed, Mar 04, 2015, Welling, Gerhart Gerhart wrote:

> I'm partly into researching FREAK, then, realize an answer - or, better, an explanation - might be available at hand. My first assumption was that FIPS-mode makes "International Step-Up" impossible. Right?
>

Among other things FIPS mode prohibits operations on RSA keys smaller than 1024 bits so a client would not accept a SKE message using a 512 bit RSA temporary key. For servers all export ciphersuites are disabled in FIPS mode.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
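The client-side check described in the reply, as an added example that is not OpenSSL's code and not part of the original message: it parses the ServerRSAParams (modulus and exponent vectors) at the start of a ServerKeyExchange body and rejects a temporary RSA key below a minimum size. The function names, return codes and sample bytes are hypothetical and constructed for illustration; the 1024-bit floor is the one stated in the reply.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { SKE_OK = 0, SKE_MALFORMED = -1, SKE_WEAK_KEY = -2 };

/* Bit length of a big-endian integer, ignoring leading zero bytes. */
static unsigned bit_length(const unsigned char *p, size_t n) {
    while (n > 0 && *p == 0) { p++; n--; }
    if (n == 0) return 0;
    unsigned bits = (unsigned)(n - 1) * 8;
    for (unsigned char top = *p; top; top >>= 1) bits++;
    return bits;
}

/* Read a TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then data. */
static int read_vec16(const unsigned char **p, size_t *left,
                      const unsigned char **out, size_t *out_len) {
    if (*left < 2) return -1;
    size_t n = ((size_t)(*p)[0] << 8) | (*p)[1];
    if (n == 0 || n > *left - 2) return -1;   /* empty or runs past the message */
    *out = *p + 2; *out_len = n;
    *p += 2 + n; *left -= 2 + n;
    return 0;
}

/* Parse rsa_modulus and rsa_exponent, then enforce the min_bits policy.
 * The signature that follows them in the message is not examined here. */
int check_rsa_ske(const unsigned char *body, size_t len,
                  unsigned min_bits, unsigned *bits_out) {
    const unsigned char *mod, *pub_exp;
    size_t mod_len, exp_len;
    if (read_vec16(&body, &len, &mod, &mod_len) != 0) return SKE_MALFORMED;
    if (read_vec16(&body, &len, &pub_exp, &exp_len) != 0) return SKE_MALFORMED;
    *bits_out = bit_length(mod, mod_len);
    return *bits_out < min_bits ? SKE_WEAK_KEY : SKE_OK;
}

/* Constructed sample: mod_len bytes of 0xAB as modulus, exponent 65537. */
size_t build_sample(unsigned char *buf, size_t mod_len) {
    static const unsigned char e[] = { 0x00, 0x03, 0x01, 0x00, 0x01 };
    buf[0] = (unsigned char)(mod_len >> 8); buf[1] = (unsigned char)mod_len;
    memset(buf + 2, 0xAB, mod_len);
    memcpy(buf + 2 + mod_len, e, sizeof e);
    return 2 + mod_len + sizeof e;
}

int main(void) {
    unsigned char buf[300]; unsigned bits = 0;
    int rc = check_rsa_ske(buf, build_sample(buf, 64), 1024, &bits);
    printf("modulus bits=%u result=%d\n", bits, rc);
    return 0;
}
```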