[openssl-users] While ssl handshake happens, getting error Operation not allowed in fips mode

mani kanta venki.manikanta at gmail.com
Wed May 4 06:15:56 UTC 2016


Hello,

   While the SSL handshake is happening,I am getting the error as below
SSL_connect error:0408E09E:rsa routines:PKEY_RSA_SIGN:operation not allowed
in fips mode.
ssl handshake went well up to client sending key exchange to server and
failing in the process of send client verify. Why this error happens ? and
How to overcome this ?

Background:
 1.  I built Openssl in FIPS mode. From the supplicant (application) I
called FIPS_mode_set(1) API. In my use-case I am trying to connect WPA2
Enterprise Wi-Fi network which has EAP-TLS configured (used radius server
to setup EAP-TLS).

2. From the network packets it is confirmed that the client and the server
agreed on to use TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suit. Also
found that if in case TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suit is
selected  then also it throws the same above mentioned error.

3. I am using openssl verson 1.0.2f(client side). radius server(3.0.11) .
Server is running in ubuntu 14.04

  Please let me know if you need any further information.

                              Thank you in advance.

Regards,
Venkat.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160504/56db75b9/attachment.html>


More information about the openssl-users mailing list