Thanks a lot Kyle. That was a very clear explanation.
One final question. Given that non-FIPS-mode OpenSSL can talk with
FIPS-validated implementations, let's say I have a server
which is using OpenSSL in non-FIPS mode which speaks and supports all the
ciphers (including the FIPS ciphers). Now, for a FIPS-validated client, is
there any way for the client to tell that it is speaking with a non-FIPS
server? If not, the server could claim to be FIPS compliant and trick the
client while in reality it is not FIPS compliant but is just speaking the FIPS
ciphers that the client proposes. Is the above possible then?

On Mon, Feb 23, 2009 at 3:13 AM, Kyle Hamilton <aerow...@gmail.com> wrote:

> On Sun, Feb 22, 2009 at 7:56 AM, smitha daggubati <smithad...@gmail.com>
> wrote:
> > Thanks David and Kyle for your time.
> > Kyle,
> > "though current practice includes "procurement", not necessarily
> > "implementation"
> > I did not understand the above statement. Can you elaborate?
> >
> > thanks
> > Srinivas
>
> In order for the US Federal government to purchase any system which is
> to hold confidential data (including private information such as
> names/addresses/social security numbers/etc), that system *must* (by
> law and regulation) include cryptography which is FIPS 140-1 or FIPS
> 140-2 validated.  Any device which provides cryptography which is
> purchased by the US Federal government *must* "be FIPS validated" --
> meaning, it must have a mode of operation which has been validated to
> FIPS 140-1 or FIPS 140-2.
>
> Typically, FIPS-validated cryptography is not easily interoperable
> with non-FIPS-validated cryptography.  For example, with Windows
> Server, if one domain controller is set to "mandate use of
> FIPS-compliant cryptography" and another domain controller for the
> same domain is not, those domain controllers will not talk with each
> other at all (because they have different expectations as to what
> authentication algorithms and methods are to be used).
>
> The practical upshot of this is that the government buys things with
> "FIPS-validated cryptography" as a mandatory checklist item, but
> often, they can't follow the security policy to turn it on due to
> interoperability requirements.
>
> OpenSSL is one of the relatively few TLS cryptographic providers which
> can, even when in non-FIPS mode, negotiate communication with
> FIPS-validated, FIPS-mode-enabled TLS implementations.  (SSLv2 and
> SSLv3 cannot be used in FIPS mode, because the key agreement mechanism
> uses/relies on MD5; TLSv1 uses both MD5 and SHA-1, but the NIST
> guidance is that even though it uses MD5, it is okay to use it because
> it doesn't rely solely on MD5 to provide its security.)
>
> -Kyle H
>
