[openssl-users] openSSL and SLOTH attack

jonetsu jonetsu at teksavvy.com
Fri Jan 8 14:09:51 UTC 2016

> Does FIPS mode prevent use of MD5: Yes.

> Does FIPS mode prevent insecure uses of SHA-1 (a FIPS
> algorithm): No.

> Does FIPS mode prevent the SSL/TLS handshake from using 96 bit
> truncated HMAC values: Probably not.

> Does FIPS mode prevent use of the insecurely designed
> 'tls-unique' feature: Probably not.

This is what I read so far, thanks for the confirmation.  1.01f though, will
be good, will it, FIPS mode or not ?

View this message in context: http://openssl.6102.n7.nabble.com/openSSL-and-SLOTH-attack-tp62055p62080.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

More information about the openssl-users mailing list