On Fri, Jun 26, 2009, Peter Lin wrote: > Thanks Dr. Henson, yeah the 0.9.8k version works perfectly. > > sorry I made the mistake about the environment variable, should be > OPENSSL_FIPS rather than FIPS_MODE. > > But I am still stuck at problem 2, while in fips mode, the TlsServer will > exit with the error message as long as a client trying connecting. I confirm > both the client and server have set a FIPS-valid cipher list. The problem > may due to the certificate I use. However, I wonder if there is any way to > catch and detemine the error rather than have the program exit? >
That shouldn't happen if earlier errors are not ignored. Does the certificate contain an MD5 signature algorithm? Can you reproduce the problem with s_client/s_server? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
