[openssl-users] Is Pre-1.0.1k Client in FIPS Mode Vulnerable To CVE-2015-0204 (RSA silently downgrades to EXPORT_RSA)?

Dr. Stephen Henson steve at openssl.org
Thu Mar 5 12:43:15 UTC 2015

On Wed, Mar 04, 2015, Welling, Gerhart Gerhart wrote:

> I'm partly into researching FREAK, then realize an answer - or, better, an explanation - might be available at hand.  My first assumption was that FIPS-mode makes "International Step-Up" impossible.  Right?

Among other things FIPS mode prohibits operations on RSA keys smaller than
1024 bits so a client would not accept a SKE message using a 512 bit RSA
temporary key.

For servers all export ciphersuites are disabled in FIPS mode.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

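The two checks Henson describes, worked through as an added example (this is not OpenSSL code and not part of the thread): a client that receives ServerRSAParams in a ServerKeyExchange, with a flag that models the pre-1.0.1k behaviour of CVE-2015-0204 (accepting RSA params for a non-export RSA suite) versus the fixed behaviour, plus the FIPS-mode floor of 1024 bits on RSA keys; and a server cipher selection that drops every export suite in FIPS mode. The function names, the `patched`/`fips_mode` flags and the moduli are assumptions constructed for illustration; the ciphersuite numbers are the IANA values, and signature verification over the parameters is deliberately left out.

```python
"""Client- and server-side checks around CVE-2015-0204 (FREAK).

Added example, not OpenSSL code. Ciphersuite values are the IANA numbers;
the moduli and messages below are constructed inline and are not real keys.
"""
import struct

FIPS_MIN_RSA_BITS = 1024  # FIPS mode refuses RSA operations on keys below this size

# IANA ciphersuite identifiers used in the example
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008

EXPORT_RSA_SUITES = {
    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
}


def build_rsa_ske(n: int, e: int, signature: bytes = b"") -> bytes:
    """Encode ServerRSAParams (rsa_modulus and rsa_exponent as opaque
    vectors with 16-bit lengths, RFC 5246 7.4.3) followed by signature bytes."""
    mod = n.to_bytes((n.bit_length() + 7) // 8, "big")
    exp = e.to_bytes((e.bit_length() + 7) // 8, "big")
    return struct.pack("!H", len(mod)) + mod + struct.pack("!H", len(exp)) + exp + signature


def parse_rsa_ske(ske: bytes):
    """Return (modulus, exponent, trailing signature bytes); raise on truncation."""
    def take_vec(off):
        if off + 2 > len(ske):
            raise ValueError("truncated vector length")
        (length,) = struct.unpack_from("!H", ske, off)
        off += 2
        if length == 0 or off + length > len(ske):
            raise ValueError("bad vector length")
        return ske[off:off + length], off + length

    mod, off = take_vec(0)
    exp, off = take_vec(off)
    return int.from_bytes(mod, "big"), int.from_bytes(exp, "big"), ske[off:]


def ske_is_well_formed(ske: bytes) -> bool:
    """Convenience predicate over parse_rsa_ske for malformed input."""
    try:
        parse_rsa_ske(ske)
        return True
    except ValueError:
        return False


def client_check_rsa_ske(negotiated_suite: int, ske: bytes, fips_mode: bool, patched: bool):
    """Decide whether the client accepts an RSA ServerKeyExchange.

    patched=False models a pre-1.0.1k client (CVE-2015-0204): it accepts
    ServerRSAParams even though the negotiated suite is not an export suite,
    so a 512-bit temporary key can be forced on it.
    patched=True models the fix: RSA params are only legal for RSA_EXPORT suites.
    fips_mode adds the key-size floor: any RSA key under 1024 bits is refused.
    Signature verification over the params is out of scope for this example.
    """
    if patched and negotiated_suite not in EXPORT_RSA_SUITES:
        return ("reject", "unexpected-rsa-ske")
    n, _e, _sig = parse_rsa_ske(ske)
    if fips_mode and n.bit_length() < FIPS_MIN_RSA_BITS:
        return ("reject", "fips-rsa-too-small")
    return ("accept", n.bit_length())


def server_select_suite(client_suites, fips_mode: bool):
    """Server side: take the first client-offered suite the server permits;
    in FIPS mode every export suite is removed from the candidate list."""
    for suite in client_suites:
        if fips_mode and suite in EXPORT_RSA_SUITES:
            continue
        return suite
    return None


# Constructed, meaningless moduli of the sizes of interest (not real keys)
N_512 = (1 << 511) | 0x1234567
N_1024 = (1 << 1023) | 0x1234567
E = 65537


def freak_scenarios():
    """Outcomes for a server that sends a 512-bit temporary key on a
    non-export RSA suite, across client configurations."""
    ske = build_rsa_ske(N_512, E)
    return {
        "pre-1.0.1k, non-FIPS": client_check_rsa_ske(TLS_RSA_WITH_AES_128_CBC_SHA, ske, False, False),
        "pre-1.0.1k, FIPS": client_check_rsa_ske(TLS_RSA_WITH_AES_128_CBC_SHA, ske, True, False),
        "1.0.1k+, non-FIPS": client_check_rsa_ske(TLS_RSA_WITH_AES_128_CBC_SHA, ske, False, True),
    }


if __name__ == "__main__":
    for name, outcome in freak_scenarios().items():
        print(f"{name}: {outcome}")
    print("FIPS server picks:", hex(server_select_suite(
        [TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_WITH_AES_128_CBC_SHA], True)))
```

The first scenario is the vulnerable case: the unpatched, non-FIPS client accepts the 512-bit key. The FIPS floor catches the same message for a different reason, which is why the original question has a "yes, but" answer: FIPS mode blocks the attack as a side effect of its key-size policy, not because it understands the export downgrade.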