Mozilla Firefox, when the Platform Security Module is in FIPS mode.
-Kyle H On Jun 18, 2009, at 11:39 AM, Randy Turner wrote:
That would imply that, when operating in FIPS mode, FIPS sites in the US Govt. can't import or export certificates.In the comment below, the phrase "Most browser output...". Is there any browser that uses FIPS algorithms to import/exportcerts? Randy On Jun 18, 2009, at 9:55 AM, Dr. Stephen Henson wrote:On Thu, Jun 18, 2009, Lior Aharoni wrote:Hello,I have encountered a problem when trying to use OpenSSL command to decode PKCS12 file, I am using OpenSSL 0.9.8j that was build with FIPS supportenabled. When working in non FIPS mode I perform the following operation successfully: * K:\>openssl OpenSSL> pkcs12 -in k:\server.p12.pfx *When I am in FIPS mode and perform the same operation I get the followingerror: * Error outputting keys and certificates7956:error:0607B090:digital envelope routines:EVP_CipherInit_ex:disabled forfips:.\crypto\evp\enc_min.c:306:7956:error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygenfailure:.\crypto\evp\evp_pbe.c:101:7956:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipheriniterror:.\crypto\pkcs12\p12_decr.c:83:7956:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypterror:.\crypto\pkcs12\p12_decr.c:123: error in pkcs12 *Can someone shed light on why this does not work in FIPS mode? How does thisfunctionality contradict the FIPS requirements?Most browser output PKCS#12 files use 40 bit RC2 to encrypt certificates. Thatalgorithm is not permitted in FIPS mode. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________OpenSSL Project http:// www.openssl.org User Support Mailing List openssl- us...@openssl.org Automated List Manager majord...@openssl.org
smime.p7s
Description: S/MIME cryptographic signature
