[openssl-users] Help needed on FIPS error 0409A09E:lib(4):func(154):reason(158)

Jayalakshmi bhat bhat.jayalakshmi at gmail.com
Fri Jul 17 08:54:34 UTC 2015


Hi Steve,

Thanks a lot for the response. We are not using SSL 3.0. It is completely
disabled in the stack. This issue is happening in TLS 1.0/ TLS 1.2 both.
We are using OpenSSL 1.0.1c. I did not try using s_client.

However I found the issue is fixed with the latest release of OpenSSL
1.0.2d. API's changed are EVP_MD_flags from evp_lib.c
and pkey_fips_check_ctx from rsa_pmeth.c

Regards
Jayalakshmi

On Fri, Jul 17, 2015 at 4:20 AM, Dr. Stephen Henson <steve at openssl.org>
wrote:

> On Thu, Jul 16, 2015, Jayalakshmi bhat wrote:
>
> > Hi All,
> >
> > I am using OpenSSL library for a SSL client performing mutual
> > authentication. RSA certificate used is signed with SHA512 digest. When I
> > switch to FIPS mode and perform re-authentication, I am hitting an
> > error :0409A09E:lib(4):func(154):reason(158). Cipher used is AES128-SHA.
> >
> > Can any one tell me what could be the possible issue?
> >
>
> A bit more information would be helpful. When you say "SSL client" do you
> mean
> using SSL v3.0 or TLS? SSL 3.0 isn't allowed in FIPS mode but I'd expect a
> different error.
>
> Which version of OpenSSL are you using? Can you reproduce the error using
> s_client?
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150717/8a93847c/attachment.html>


More information about the openssl-users mailing list