Thanks Stephen, That was my suspicion, but I couldn't be sure. Gerald Collins Senior Member Technical Staff, Programmer / Analyst CSC
8 Executive Drive, Suite 300, Fairview Heights, IL 62208 North American Public Sector | p: +1-618-632-9252 x410 | | gcoll...@csc.com | www.csc.com This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. From: "Dr. Stephen Henson" <st...@openssl.org> To: openssl-users@openssl.org Date: 01/25/2012 12:44 PM Subject: Re: OpenSSL security issues and FIPS. Sent by: owner-openssl-us...@openssl.org On Wed, Jan 25, 2012, Gerald L Collins wrote: > Hello all, > I've been tasked to look at some security issues for our OpenSSL > implementation. We are currently at FIPS 1.2.2 and openssl 0.9.8k. Most > of the issues I was asked to look at were no issue for us, but the below > item I'm less certain about. Since we are FIPS does this have any chance > of affecting us? We do use the SSLv23_server method in the call of > SSL_CTX_new. > If you enter FIPS mode then SSL v3 is not permitted so you are not affected. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
