[openssl-users] FIPS: SSL 3.0 now forbidden in latest NDCPP update
Matt Caswell
matt at openssl.org
Tue Apr 28 12:58:35 UTC 2015
On 28/04/15 13:31, jonetsu wrote:
>> That refers to the minimum version of the ciphersuite: it
>> doesn't imply that it will only be used in SSLv3 (which is
>> disabled in FIPS mode).
>
> Hmmm... I'm sorry but I do not really understand this. Since openssl is
> run in FIPS mode, and since SSLv3 is disabled, then why would the SSLv3
> ciphers show up ? If they have counterparts in TLS that could be used, why
> wouldn't the TLS version show up instead ?
SSLv3 in the ciphersuite definition means it can be used in SSLv3 *and
later*. A ciphersuite isn't defined once for SSLv3, and then again for
TLS1.0, and again for TLS1.1 etc - it's just defined once and is reused
across multiple protocol versions.
Matt
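
The reading described in the reply above, as an added example that is not part of the original post or of OpenSSL: it treats the protocol column of `openssl ciphers -v` output as a minimum version and reports which enabled protocol versions each suite can actually be used with. The sample lines are constructed, the function names are hypothetical, and the model covers protocol versions up to TLS 1.2 only.

```python
# Added example: read the protocol column of `openssl ciphers -v` as a minimum version.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]   # protocol ladder up to TLS 1.2
ALIASES = {"TLSv1.0": "TLSv1"}                     # label spelling varies by release

# Constructed sample in `openssl ciphers -v` layout (not captured from a real host).
SAMPLE = """\
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
ECDHE-RSA-AES128-SHA        SSLv3   Kx=ECDH Au=RSA Enc=AES(128)    Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
"""

def parse_ciphers(text):
    """Yield (suite_name, minimum_version) from `openssl ciphers -v` style lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # skip blank or malformed lines
        label = ALIASES.get(fields[1], fields[1])
        if label not in ORDER:
            raise ValueError(f"unknown protocol label {fields[1]!r}")
        yield fields[0], label

def negotiable_versions(min_version, enabled):
    """Versions a suite can run under: enabled and at or above its minimum."""
    floor = ORDER.index(min_version)
    return [v for v in ORDER[floor:] if v in enabled]

def audit(text, enabled):
    """Map each suite to the enabled protocol versions it can be negotiated in."""
    return {name: negotiable_versions(minv, enabled)
            for name, minv in parse_ciphers(text)}

def ssl3_exposed(text, enabled):
    """Suites that could really be negotiated over SSL 3.0 with this protocol set."""
    return sorted(n for n, vs in audit(text, enabled).items() if "SSLv3" in vs)

if __name__ == "__main__":
    # Assumed protocol set: SSLv3 disabled, as in the FIPS-mode case in the thread.
    fips_like = {"TLSv1", "TLSv1.1", "TLSv1.2"}
    for name, versions in audit(SAMPLE, fips_like).items():
        print(f"{name:30} {', '.join(versions) or 'unusable'}")
    print("SSL 3.0 exposure:", ssl3_exposed(SAMPLE, fips_like) or "none")
```

A suite labelled SSLv3 in the listing is therefore only an SSL 3.0 finding when SSL 3.0 itself is in the enabled protocol set.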