Correct FIPS cipher choice for OpenSSL 3.0
Wall, Stephen
stephen.wall at redcom.com
Thu Feb 1 21:40:35 UTC 2024
https://wiki.openssl.org/index.php/FIPS_mode_and_TLS has a recommendation for what cipher specification to use to select only FIPS-permitted ciphers (“TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL”), but it looks like it hasn’t been updated in some time. Have the OpenSSL 3.x branches updated the definition of cipher selection “FIPS” so that this is no longer necessary, or is it the same as it was in 1.0.2 and includes ciphers that are no longer allowed? Does FIPS 140-3 affect this at all?
Thank you.
--
Stephen Wall
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240201/1eaa586a/attachment.htm>
More information about the openssl-users
mailing list