[openssl-users] AES CBC approved encryption algorithm/option in FIPS
Jeremy Farrell
jeremy.farrell at oracle.com
Fri Mar 20 19:51:04 UTC 2015
I assume it says it is a FIPS 140-2 approved mode because it is approved
by FIPS 140-2 ;). Don't confuse the concepts of being 'FIPS approved' or
'FIPS compliant' with being 'secure'. They are not the same thing, and
can sometimes conflict.
On 20/03/2015 12:01, Philip Bellino wrote:
>
> Hello,
>
> I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question?
>
> If AES CBC Encryption is considered vulnerable to an attacker with the
> capability to inject arbitrary traffic into the plain-text stream,
> then why is it listed as an approved algorithm/option in table 4A on
> page 14 of the OpenSSL Security Policy:
> http://openssl.org/docs/fips/SecurityPolicy-2.0.9.pdf
>
> I am just looking for a clarification.
>
> Thanks,
>
> Phil
>
> *Phil Bellino*
>
> *Principal Software Engineer****| **MRV Communications Inc.*
>
> 300 Apollo Drive *| *Chelmsford, MA 01824
>
> Phone: 978-674-6870*| *Fax: 978-674-6799
>
> www.mrv.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150320/6971bf3b/attachment-0001.html>
More information about the openssl-users
mailing list