[openssl-users] While ssl handshake happens, getting error Operation not allowed in fips mode

Jakob Bohm jb-openssl at wisemo.com
Wed May 4 09:33:24 UTC 2016


On 04/05/2016 08:15, mani kanta wrote:
>
> Hello,
>
>    While the SSL handshake is happening, I am getting the error as below
> SSL_connect error:0408E09E:rsa routines:PKEY_RSA_SIGN:operation not 
> allowed in fips mode.
> SSL handshake went well up to client sending key exchange to server 
> and failing in the process of sending client verify. Why does this error 
> happen, and how to overcome this?
>
> Background:
>  1.  I built OpenSSL in FIPS mode. From the supplicant (application) I 
> called FIPS_mode_set(1) API. In my use-case I am trying to connect to a 
> WPA2 Enterprise Wi-Fi network which has EAP-TLS configured (used 
> radius server to set up EAP-TLS).
>
> 2. From the network packets it is confirmed that the client and the 
> server agreed to use the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher 
> suite. Also found that in case the TLS_RSA_WITH_AES_256_CBC_SHA256 
> cipher suite is selected, it also throws the same above-mentioned 
> error.
>
> 3. I am using openssl version 1.0.2f (client side), radius 
> server (3.0.11). Server is running on Ubuntu 14.04.
>
>
Is your RSA key too short? (FIPS mode imposes a minimum key
length by refusing to use shorter keys.)



Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
