[openssl-users] AES CBC approved encryption algorithm/option in FIPS

Philip Bellino pbellino at mrv.com
Fri Mar 20 12:01:54 UTC 2015

I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question?

If AES CBC Encryption is considered vulnerable to an attacker with the capability to inject arbitrary traffic into the plain-text stream, then why is it listed as an approved algorithm/option in table 4A on page 14 of the OpenSSL Security Policy:  http://openssl.org/docs/fips/SecurityPolicy-2.0.9.pdf

I am just looking for a clarification.

Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799



The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150320/aaccf61b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 6563 bytes
Desc: image001.png
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150320/aaccf61b/attachment-0001.png>

More information about the openssl-users mailing list