On Wed, Jan 25, 2012, Gerald L Collins wrote: > Hello all, > I've been tasked to look at some security issues for our OpenSSL > implementation. We are currently at FIPS 1.2.2 and openssl 0.9.8k. Most > of the issues I was asked to look at were no issue for us, but the below > item I'm less certain about. Since we are FIPS does this have any chance > of affecting us? We do use the SSLv23_server method in the call of > SSL_CTX_new. >
If you enter FIPS mode then SSL v3 is not permitted so you are not affected. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
