[openssl-users] FIPS: SSL 3.0 now forbidden in latest NDCPP update

jonetsu jonetsu at teksavvy.com
Tue Apr 28 13:23:14 UTC 2015

> SSLv3 in the ciphersuite definition means it can be used in
> SSLv3 *and later*. A ciphersuite isn't defined once for SSLv3,
> and then again for TLS1.0, and again for TLS1.1 etc - its just
> defined once and is reused across multiple protocol versions.

Yes, this is what I basically understood.  What was lacking then in my
undestanding, is that :

% OPENSSL_FIPS=1 openssl ciphers -v

Will not output strictly according to FIPS.  Maybe there's no easy way to do
that when the definition of a cipher states otherwise.


View this message in context: http://openssl.6102.n7.nabble.com/FIPS-SSL-3-0-now-forbidden-in-latest-NDCPP-update-tp57695p57764.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

More information about the openssl-users mailing list