[openssl-users] FIPS: SSL 3.0 now forbidden in latest NDCPP update
Dr. Stephen Henson
steve at openssl.org
Fri Apr 24 21:56:57 UTC 2015
On Fri, Apr 24, 2015, jonetsu wrote:
> > In FIPS mode SSL 3.0 is not allowed: that has always been the
> > case.
> % openssl version
> OpenSSL 1.0.1f 6 Jan 2014
> % OPENSSL_FIPS=1 openssl ciphers -v | grep SSL
> ECDHE-RSA-AES256-SHA SSLv3
> ECDHE-ECDSA-AES256-SHA SSLv3
> DHE-RSA-AES256-SHA SSLv3
> DHE-DSS-AES256-SHA SSLv3
> All of the others are TLSv1.2.
> Why is SSLv3.0 seen in FIPS mode on this install ?
That refers to the minimum version of the ciphersuite: it doesn't imply that it
will only be used in SSLv3 (which is disabled in FIPS mode).
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users