On Wed, Jul 16, 2014, Jason Schultz wrote:

> According to this wiki page:
>
> http://wiki.openssl.org/index.php/FIPS_mode_and_TLS
>
> When in FIPS mode, SHA1 signatures can not be used when using the TLS 1.2
> protocol: "If that wasn't enough there's another complication. For TLS v1.2
> you have to restrict the supported signature algorithms to exclude SHA1,
> allowing only SHA256 and above." However, our application is in FIPS mode,
> and I am successfully opening a connection using only cipher "AES256-SHA".
>
That's SHA1 used for HMAC, not for digital signatures.

> And Section 2.6.2: "It is the responsibility of the application developer to
> ensure that only FIPS algorithms are used when in FIPS mode." To further
> complicate things, several days ago I had observed handshakes failing in
> this situation, with the following errors in the OpenSSL Error Queue on the
> client side:
>
> error:0409A09E:rsa routines:PKEY_RSA_VERIFY:operation not allowed in fips mode
> error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> Are we seeing a case where sometimes OpenSSL fails to prevent non-FIPS
> algorithms and sometimes does not, for whatever reason? Thanks in advance.
>

That error could be caused by the peer using an invalid message digest in
FIPS mode. For example MD5.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
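The three error-queue entries quoted in the thread are easier to read once the packed error codes are decoded and the queue order is taken into account: ERR_print_errors() writes the oldest entry first, so the RSA verify refusal is the error actually raised and the ASN.1 and SSL entries are the callers that propagated it. The parser below is an added example, not code from the thread or from the OpenSSL project. It assumes the OpenSSL 1.0.x ERR_PACK layout (8-bit library id, 12-bit function id, 12-bit reason id), a hand-copied subset of the ERR_LIB_* ids with the names ERR_lib_error_string() prints for them, and a constructed sample built from the three lines in the thread, concatenated without newlines the way they appear in the quoted message.

```python
"""Decode an OpenSSL 1.0.x error-queue dump and pick out the root cause."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Subset of ERR_LIB_* ids from OpenSSL 1.0.x <openssl/err.h>, paired with the
# names ERR_lib_error_string() prints for them (hand-copied; assumption).
ERR_LIBS = {
    2: "system library",
    3: "bignum routines",
    4: "rsa routines",
    5: "Diffie-Hellman routines",
    6: "digital envelope routines",
    9: "PEM routines",
    10: "dsa routines",
    11: "x509 certificate routines",
    13: "asn1 encoding routines",
    14: "configuration file routines",
    16: "elliptic curve routines",
    20: "SSL routines",
}

# One entry as ERR_print_errors() emits it:
#   error:<8 hex digits>:<library>:<function>:<reason>
# The reason runs until the next "error:XXXXXXXX:" marker or end of input, so
# entries that lost their newlines in a log still split correctly.
ENTRY_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>.*?)(?=error:[0-9A-Fa-f]{8}:|$)",
    re.DOTALL,
)

# Constructed sample: the three entries from the thread, glued together.
SAMPLE_QUEUE = (
    "error:0409A09E:rsa routines:PKEY_RSA_VERIFY:operation not allowed in fips mode"
    "error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib"
    "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
)


@dataclass
class ErrEntry:
    code: int
    lib_id: int
    func_id: int
    reason_id: int
    lib: str
    func: str
    reason: str

    def lib_name_matches(self) -> bool:
        """Cross-check the textual library field against the id packed in the code."""
        return ERR_LIBS.get(self.lib_id) == self.lib


def parse_error_queue(text: str) -> List[ErrEntry]:
    """Split a dump (newline-separated or run together) into decoded entries."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        code = int(m.group("code"), 16)
        entries.append(ErrEntry(
            code=code,
            # 1.0.x ERR_PACK(lib, func, reason): lib in bits 24-31,
            # func in bits 12-23, reason in bits 0-11.
            lib_id=(code >> 24) & 0xFF,
            func_id=(code >> 12) & 0xFFF,
            reason_id=code & 0xFFF,
            lib=m.group("lib"),
            func=m.group("func"),
            reason=m.group("reason").strip(),
        ))
    return entries


def root_cause(entries: List[ErrEntry]) -> Optional[ErrEntry]:
    """The queue is printed oldest first, so the first entry is the error that
    was actually raised; the later ones are callers wrapping it."""
    return entries[0] if entries else None


def summarize(text: str) -> str:
    """One line per entry, root cause marked, plus a flag for any entry whose
    library name disagrees with its packed library id (a sign of a mangled dump)."""
    entries = parse_error_queue(text)
    lines = []
    for i, e in enumerate(entries):
        tag = "ROOT " if i == 0 else "     "
        flag = "" if e.lib_name_matches() else "  [lib id/name mismatch]"
        lines.append(f"{tag}lib={e.lib_id:<3} func={e.func_id:<4} reason={e.reason_id:<4} "
                     f"{e.lib}:{e.func}:{e.reason}{flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_QUEUE))
```

Run stand-alone it prints the three entries in queue order with the RSA one marked as the root cause, which is the entry Steve's reply is about: the certificate signature verification was refused inside the RSA verify routine, and the ASN.1 and SSL3_GET_SERVER_CERTIFICATE entries merely report that refusal upward as "certificate verify failed".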