From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Perrow, Graeme [graeme.per...@sap.com]
Sent: 26 July 2013 14:10
To: openssl-users@openssl.org
Subject: RE: Using MD5 certificates in OpenSSL FIPS
If I do "openssl x509 -in mycert.crt -text" I see "
On Fri, Jul 26, 2013, Perrow, Graeme wrote:
> If I do "openssl x509 -in mycert.crt -text" I see "Signature Algorithm:
> sha1WithRSAEncryption". There's no mention of MD5 here but since OpenSSL is
> attempting to load it, I assume it's using the MD5-SHA1 combination. If that
> *is* permitted, why a
the "disabled for FIPS" error?
Graeme
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Friday, July 26, 2013 7:39 AM
To: openssl-users@openssl.org
Subject: Re: Using MD5 certificates in OpenSSL FIPS
On Fri, Jul 26, 2013, Carl Young wrote:
> As far as I remember, the use of MD5 is only allowed in TLS 1 for the
> specific use within the PRF for key generation as the __combination__ of
> SHA-1 and MD5 is not considered weak usage. Use of MD5 elsewhere is still
> disallowed.
>
It is also permit
-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Perrow, Graeme [graeme.per...@sap.com]
Sent: 25 July 2013 18:40
To: openssl-users@openssl.org
Subject: Using MD5 certificates in OpenSSL FIPS
I am using OpenSSL FIPS module 2.0.5 with OpenSSL 1.0.1e on Windows. After
calling FIPS_mode_set(1), I cannot call SSL_CTX_use_RSAPrivateKey_file. When I
debug into it, it is failing when trying to initialize MD5. Apparently the
private key is encrypted with MD5.
I was under the impression that
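
Added example, not part of the original thread: a check for whether a key file uses OpenSSL's traditional encrypted PEM format, whose passphrase-to-key derivation (EVP_BytesToKey) is MD5-based no matter which signature algorithm the certificate shows. It assumes the key in question is in that format; the function names and sample PEM text are constructed for illustration.

```python
import hashlib
import re

# Constructed samples (bodies shortened, not real keys).
SAMPLE_LEGACY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

AAAA
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PKCS8 = """-----BEGIN ENCRYPTED PRIVATE KEY-----
AAAA
-----END ENCRYPTED PRIVATE KEY-----
"""

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_key_pem(pem):
    """Return (kind, cipher, iv_hex) for the first private key block in pem."""
    m = PEM_RE.search(pem)
    if not m:
        return ("no-private-key", None, None)
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":
        # PKCS#8: the KDF and cipher are inside the ASN.1 structure,
        # so they must be read with an ASN.1 parser, not from the headers.
        return ("pkcs8-encrypted", None, None)
    proc = re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", body, re.M)
    dek = re.search(r"^DEK-Info:\s*([^,\s]+),([0-9A-Fa-f]+)\s*$", body, re.M)
    if proc and dek:
        # Traditional format: key is derived from the passphrase with MD5.
        return ("legacy-md5-kdf", dek.group(1), dek.group(2).upper())
    return ("unencrypted", None, None)

def legacy_pem_key(password, iv_hex, key_len):
    """Derivation used for DEK-Info keys: EVP_BytesToKey with MD5,
    one iteration, salt = first 8 bytes of the IV. Shows where MD5 enters."""
    salt = bytes.fromhex(iv_hex)[:8]
    out, block = b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + password + salt).digest()
        out += block
    return out[:key_len]

if __name__ == "__main__":
    print(classify_key_pem(SAMPLE_LEGACY))
    print(classify_key_pem(SAMPLE_PKCS8))
```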