On Fri, Nov 21, 2014, Matt Caswell wrote: > > > On 21/11/14 14:43, Charles Mills wrote: > > I posted the certificates. What's next? > > > > Charles > > The key sizes look ok to me. As I said I'm no FIPS expert, but this page > http://wiki.openssl.org/index.php/FIPS_mode_and_TLS > > says the following: > "The RSA key in the certificate has to be of suitable size (2048 bits > minimum) as do all other keys in the chain and none of the CAs can sign > using SHA1." > > But your certificates say: > Signature Algorithm: sha1WithRSAEncryption > > So I'm wondering if that is the problem? Failing that you may need to > approach IBM since the alert is being generated from their code. >
The rules changed some time after the release of the current OpenSSL FIPS module. In the original version SHA1 was allowed and keysizes for RSA, DH had to be 1024 bits minimum. The new version disallows SHA1 for digital signatures and has the 2048 bit limit. Depending on the interpretation it might effectively ban anything other than TLS 1.2 (previous versions of TLS use MD5+SHA1 for RSA signatures). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
