[openssl-users] FIPS: SSL 3.0 now forbidden in latest NDCPP update
Dr. Stephen Henson
steve at openssl.org
Fri Apr 24 21:56:57 UTC 2015
On Fri, Apr 24, 2015, jonetsu wrote:
> Hello,
>
> > In FIPS mode SSL 3.0 is not allowed: that has always been the
> > case.
>
> % openssl version
> OpenSSL 1.0.1f 6 Jan 2014
>
> % OPENSSL_FIPS=1 openssl ciphers -v | grep SSL
>
> ECDHE-RSA-AES256-SHA SSLv3
> ECDHE-ECDSA-AES256-SHA SSLv3
> DHE-RSA-AES256-SHA SSLv3
> DHE-DSS-AES256-SHA SSLv3
> [snipped]
>
> All of the others are TLSv1.2.
>
> Why is SSLv3.0 seen in FIPS mode on this install?
>
That refers to the minimum version of the ciphersuite: it doesn't imply that it
will only be used in SSLv3 (which is disabled in FIPS mode).
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
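
Added example, not part of the original message and not OpenSSL project code: a small shell/awk filter that reads the second column of `openssl ciphers -v` as a minimum protocol version, as the reply explains, and lists the enabled protocols each suite can be negotiated in. The function names, the constructed sample lines and the enabled-protocol list (TLSv1, TLSv1.1, TLSv1.2, i.e. SSLv3 disabled) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: interpret column 2 of `openssl ciphers -v` as the MINIMUM
# protocol version of each suite, not the only protocol it is used with.

# usable_protocols ENABLED
#   stdin:   lines with the suite name in column 1, minimum protocol in column 2
#   ENABLED: space-separated protocol versions the library will negotiate
#            (supplied by the caller; this script does not query OpenSSL)
usable_protocols() {
    awk -v enabled="$1" '
    BEGIN {
        # Protocol ordering, oldest first.
        rank["SSLv3"] = 0; rank["TLSv1"] = 1
        rank["TLSv1.1"] = 2; rank["TLSv1.2"] = 3
        n = split(enabled, en, " ")
    }
    # Skip anything that is not a "name protocol ..." line (e.g. "[snipped]").
    NF >= 2 && ($2 in rank) {
        out = ""
        for (i = 1; i <= n; i++)
            if ((en[i] in rank) && rank[en[i]] >= rank[$2])
                out = out (out == "" ? "" : ",") en[i]
        print $1, "min=" $2, "usable=" (out == "" ? "none" : out)
    }'
}

# Constructed sample input in the two-column shape quoted in the thread.
SAMPLE='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
ECDHE-RSA-AES256-SHA SSLv3
[snipped]
DHE-RSA-AES256-SHA SSLv3'

# Assumption: protocol versions left enabled once SSLv3 is disabled.
FIPS_ENABLED='TLSv1 TLSv1.1 TLSv1.2'

fips_report() {
    printf '%s\n' "$SAMPLE" | usable_protocols "$FIPS_ENABLED"
}

fips_report
```

To run it against a real listing, pipe `openssl ciphers -v` into `usable_protocols` with the protocol list that matches the build's configuration.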