[openssl-users] While ssl handshake happens, getting error Operation not allowed in fips mode
Jakob Bohm
jb-openssl at wisemo.com
Wed May 4 09:33:24 UTC 2016
On 04/05/2016 08:15, mani kanta wrote:
>
> Hello,
>
> While the SSL handshake is happening, I am getting the error below:
> SSL_connect error:0408E09E:rsa routines:PKEY_RSA_SIGN:operation not
> allowed in fips mode.
> The SSL handshake went well up to the client sending the key exchange
> to the server, and it fails in the process of sending the client
> verify. Why does this error happen, and how can I overcome it?
>
> Background:
> 1. I built OpenSSL in FIPS mode. From the supplicant (application) I
> called the FIPS_mode_set(1) API. In my use case I am trying to connect
> to a WPA2 Enterprise Wi-Fi network which has EAP-TLS configured (used
> a RADIUS server to set up EAP-TLS).
>
> 2. From the network packets it is confirmed that the client and the
> server agreed to use the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher
> suite. I also found that if the TLS_RSA_WITH_AES_256_CBC_SHA256
> cipher suite is selected, it throws the same error mentioned
> above.
>
> 3. I am using OpenSSL version 1.0.2f (client side) and RADIUS
> server 3.0.11. The server is running on Ubuntu 14.04.
>
>
Is your RSA key too short? (FIPS mode imposes a minimum key
length by refusing to use shorter keys.)
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
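
Added example (not part of the original message and not OpenSSL code): one way to check the key length the reply asks about, by reading the modulus size out of an unencrypted PKCS#1 RSA key in PEM form. The 2048-bit threshold, the function names and the constructed sample keys are assumptions; substitute the minimum your FIPS module actually enforces.

```python
import base64

FIPS_MIN_BITS = 2048  # assumption: replace with the minimum your FIPS module enforces

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(pem_text):
    """Modulus size in bits of an unencrypted PKCS#1 RSA key in PEM form."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if any(l.startswith(("Proc-Type:", "DEK-Info:")) for l in lines):
        raise ValueError("encrypted PEM; decrypt it first")
    der = base64.b64decode("".join(l for l in lines if l and not l.startswith("-----")))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    tag, value, pos = _read_tlv(seq, 0)
    if tag == 0x02 and int.from_bytes(value, "big") == 0:
        # RSAPrivateKey starts with version 0; the modulus is the next INTEGER
        tag, value, pos = _read_tlv(seq, pos)
    if tag != 0x02:
        raise ValueError("expected the modulus INTEGER (not a PKCS#1 RSA key?)")
    return int.from_bytes(value, "big").bit_length()

def meets_minimum(pem_text, minimum=FIPS_MIN_BITS):
    return rsa_modulus_bits(pem_text) >= minimum

def _der(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def _der_int(x):
    return _der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

def constructed_pem(bits, private=False):
    """Constructed sample: PKCS#1 framing around a made-up modulus, not a usable key."""
    fields = ([0] if private else []) + [(1 << (bits - 1)) | 1, 65537]
    der = _der(0x30, b"".join(_der_int(f) for f in fields))
    label = "RSA PRIVATE KEY" if private else "RSA PUBLIC KEY"
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"
```

PKCS#8 (`BEGIN PRIVATE KEY`) and SubjectPublicKeyInfo (`BEGIN PUBLIC KEY`) wrappers are rejected with an error rather than parsed.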