[openssl-users] AES CBC approved encryption algorithm/option in FIPS
jeremy.farrell at oracle.com
Fri Mar 20 19:51:04 UTC 2015
I assume it says it is a FIPS 140-2 approved mode because it is approved
by FIPS 140-2 ;). Don't confuse the concepts of being 'FIPS approved' or
'FIPS compliant' with being 'secure'. They are not the same thing, and
can sometimes conflict.
On 20/03/2015 12:01, Philip Bellino wrote:
> I am using OpenSSL-1.0.2 with openssl-fips-2.0.9 and have a question.
> If AES CBC Encryption is considered vulnerable to an attacker with the
> capability to inject arbitrary traffic into the plain-text stream,
> then why is it listed as an approved algorithm/option in table 4A on
> page 14 of the OpenSSL Security Policy:
> I am just looking for a clarification.
> Phil Bellino
> Principal Software Engineer | MRV Communications Inc.
> 300 Apollo Drive | Chelmsford, MA 01824
> Phone: 978-674-6870 | Fax: 978-674-6799