I assume it says it is a FIPS 140-2 approved mode because it is approved by FIPS 140-2 ;). Don't confuse the concepts of being 'FIPS approved' or 'FIPS compliant' with being 'secure'. They are not the same thing, and can sometimes conflict. On 20/03/2015 12:01, Philip Bellino wrote: > > Hello, > > I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question? > > If AES CBC Encryption is considered vulnerable to an attacker with the > capability to inject arbitrary traffic into the plain-text stream, > then why is it listed as an approved algorithm/option in table 4A on > page 14 of the OpenSSL Security Policy: > http://openssl.org/docs/fips/SecurityPolicy-2.0.9.pdf > > I am just looking for a clarification. > > Thanks, > > Phil > > *Phil Bellino* > > *Principal Software Engineer****| **MRV Communications Inc.* > > 300 Apollo Drive *| *Chelmsford, MA 01824 > > Phone: 978-674-6870*| *Fax: 978-674-6799 > > www.mrv.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150320/6971bf3b/attachment-0001.html>
