[openssl-users] HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7

Dave Thompson dthompson at prinpay.com
Thu Jan 22 06:20:51 UTC 2015

> From: openssl-users On Behalf Of Dr. Stephen Henson
> Sent: Wednesday, January 21, 2015 09:28

> On Wed, Jan 21, 2015, John Laundree wrote:
> > Ok, so I will naively ask the question "How does one do TLS 1.0/1.1 in
> mode? Or is this no longer allowed, i.e. TLS 1.2 only?"
> The use of MD5 for TLS 1.0/1.1 is treated as an exception which is allowed in
> FIPS mode but general MD5 use is not.
To be exact, as I read it, the TLS1.0/1.1 *PRF* *combines* MD5+SHA1 for
handshake/key exchange, and is Approved on the basis that the combination
is secure even if MD5 is not. The SSL3 PRF combines them more weakly and
isn't Approved, so the SSL3 protocol is prohibited. Suites using (pure) HMAC-MD5
for data are not Approved, in any protocol version.

And, as you say, MD5 as such is not allowed anywhere.
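To make the "combines MD5+SHA1" point concrete, here is an added illustration (not code from this thread or from OpenSSL) of the TLS 1.0/1.1 PRF as defined in RFC 2246 section 5, next to the SSL 3.0 master-secret construction from RFC 6101 section 6.1 for contrast. In the TLS 1.0/1.1 PRF the secret is split into two halves, one half is expanded with P_MD5 and the other with P_SHA-1, and the two streams are XORed, so an attacker would have to break both functions at once. In SSL 3.0, MD5 is the outer function over a SHA-1 digest, so its output is bounded by MD5 alone. All input values (the 48-byte master secret, the random nonces, the labels) are constructed sample data, and the function names are mine.

```python
"""TLS 1.0/1.1 PRF (RFC 2246 sec. 5) next to the SSL 3.0 master-secret
derivation (RFC 6101 sec. 6.1). Added example; not OpenSSL code.
Note: on a FIPS-restricted Python build, hashlib/hmac may refuse "md5"."""
import hashlib
import hmac
from math import ceil


def p_hash(hash_name, secret, seed, nbytes):
    """P_hash(secret, seed) = HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) || ...
    where A(0) = seed and A(i) = HMAC(secret, A(i-1)).  Output is truncated to nbytes."""
    out = b""
    a = seed                                              # A(0)
    while len(out) < nbytes:
        a = hmac.new(secret, a, hash_name).digest()       # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:nbytes]


def split_secret(secret):
    """S1 = first half, S2 = second half; for an odd-length secret the middle
    byte belongs to both halves (RFC 2246 sec. 5)."""
    half = ceil(len(secret) / 2)
    return secret[:half], secret[-half:]


def tls10_prf(secret, label, seed, nbytes):
    """PRF(secret, label, seed) = P_MD5(S1, label+seed) XOR P_SHA-1(S2, label+seed)."""
    s1, s2 = split_secret(secret)
    md5_stream = p_hash("md5", s1, label + seed, nbytes)
    sha1_stream = p_hash("sha1", s2, label + seed, nbytes)
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


def tls10_key_block(master_secret, server_random, client_random, nbytes):
    """key_block = PRF(master_secret, "key expansion", server_random + client_random)."""
    return tls10_prf(master_secret, b"key expansion", server_random + client_random, nbytes)


def ssl3_master_secret(pre_master, client_random, server_random):
    """SSL 3.0: master_secret = MD5(pms + SHA('A' + pms + cr + sr))
                              || MD5(pms + SHA('BB' + ...)) || MD5(pms + SHA('CCC' + ...)).
    MD5 is the outermost function here, which is why this is the weaker combination."""
    out = b""
    for salt in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(salt + pre_master + client_random + server_random).digest()
        out += hashlib.md5(pre_master + inner).digest()
    return out


if __name__ == "__main__":
    # Constructed sample values; real ones come from the handshake.
    master_secret = bytes(range(48))
    client_random = b"\x11" * 32
    server_random = b"\x22" * 32
    key_block = tls10_key_block(master_secret, server_random, client_random, 104)
    print("TLS1.0 key_block:", key_block.hex())
    print("SSL3 master:    ", ssl3_master_secret(master_secret, client_random, server_random).hex())
```

The 104-byte key block length in the demo is what a suite with two 20-byte MAC keys, two 16-byte cipher keys and two 16-byte IVs would consume; `tls10_key_block` is a thin wrapper over the PRF with the RFC 2246 label and seed order (server random first, then client random).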
