[openssl-users] FIPS: SSL 3.0 now forbidden in latest NDCPP update

jonetsu jonetsu at teksavvy.com
Fri Apr 24 14:13:51 UTC 2015


Hi,

  ... Along with TLS 1.0 (which is absent from OpenSSL FIPS mode)

https://www.niap-ccevs.org/pp/pp.cfm?id=CPP_ND_V1.0

Specifically:

"FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting
SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0"

"FCS_TLSS_EXT.2.2 The TSF shall deny connections from clients requesting
SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0"

In this case, would it be possible to simply compile OpenSSL without support
for SSL 3.0, while having FIPS mode taking care of the rest?  I do not
remember the exact option now, although I'm almost sure there's a compile
option to exclude SSL 3.0.  Am I right and would that work?

Regards.





