On 07/09/2012 04:12 PM, Alex Chen wrote:
> When FIPS mode is turned on, I assume OpenSSL will only use FIPS 140-2
> approved encryption algorithms for network traffic encryptions as well,
> correct?

Yes, for the "FIPS capable" OpenSSL (OpenSSL 1.0.1 built using the "fips" build-time config option with the 2.0 FIPS module). The OpenSSL library won't perform disallowed cryptography for any application while in FIPS mode.

Note that can potentially cause interoperability issues, with peers supporting only ciphersuites that don't intersect those allowed in FIPS mode.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org