On 20.09.23 10:01, openssl-users-request@xxxxxxxxxxx digested:
Date: Wed, 20 Sep 2023 07:57:50 +0000 From: Benjamin ENTE <benjamin.ente@xxxxxxxxxxxxx> I'm using OpenSSL 1.1.1k FIPS . I'm asked for some audit if we are using rsa 2048 bits with padding PSS or Elliptic Curve (EDCSA) 256 bits. I don't know where to find this information and how to check it ?
The cryptosystem to use gets *negotiated* between client and server when a TLS connection is initiated. Assuming that you're in control of the server side and asked for a statement of how *that* behaves, the info which ones the server is *willing* to agree to can be found in the server app's setup, or be retrieved by outright *scanning* the server (sslyze, https://www.ssllabs.com/ssltest/, whatever). OpenSSL and FIPS may set boundaries on what the app *can* do, but they don't have the last word on what it *does* do.
Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
