[openssl-users] FIPS Non­-Approved Cryptographic Functions

Alan Dean alandean888 at gmail.com
Tue Mar 13 21:39:04 UTC 2018


Hi All:

>From the OpenSSL FIPS Security Policy chapter 4, it mentioned there are a
number of non-FIPS approved algorithms/ services which are still
implemented by the FIPS canister modules (e.g. RSA, DSA, DRDB, ECDSA etc).

Just wondering why these algorithms are still implemented by FIPS Canister.

The concern is, if these algorithms could still be used under FIPS mode,
there is risk that the applications which use the FIPS canister modules may
become non-FIPS compliant if these algorithms are used by mistake.

Is my understanding correct and in that case is there a way to disable
these non-FIPS approved algorithms?

Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180313/ff4a241c/attachment-0001.html>


More information about the openssl-users mailing list