[openssl-users] FIPS: SSL 3.0 now forbidden in latest NDCPP update
jonetsu
jonetsu at teksavvy.com
Fri Apr 24 18:29:28 UTC 2015
Hello,
> In FIPS mode SSL 3.0 is not allowed: that has always been the
> case.
% openssl version
OpenSSL 1.0.1f 6 Jan 2014
% OPENSSL_FIPS=1 openssl ciphers -v | grep SSL
ECDHE-RSA-AES256-SHA SSLv3
ECDHE-ECDSA-AES256-SHA SSLv3
DHE-RSA-AES256-SHA SSLv3
DHE-DSS-AES256-SHA SSLv3
[snipped]
All of the others are TLSv1.2.
Why is SSLv3.0 seen in FIPS mode on this install ?
> TLS 1.0 is currently permitted though.
As far as OpenSSL is concerned, will any action to remove TLSv.10
only be taken when put into a FIPS frame, eg. the recent
NDCPPv1.0 is not enough ground to make a change ?
Regards.
--
View this message in context: http://openssl.6102.n7.nabble.com/FIPS-SSL-3-0-now-forbidden-in-latest-NDCPP-update-tp57695p57707.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
More information about the openssl-users
mailing list