On Wed, Mar 04, 2015, Welling, Gerhart Gerhart wrote: > I'm partly into researching FREAK, then, realize an answer - or, better, an > explanation - might be available at hand. My first assumption was that > FIPS-mode makes "International Step-Up" impossible. Right? >
Among other things FIPS mode prohibits operations on RSA keys smaller than 1024 bits so a client would not accept a SKE message using a 512 bit RSA temporary key. For servers all export ciphersuites are disabled in FIPS mode. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
