Openssl 1.1.1k specifications
Jochen Bern
Jochen.Bern at binect.de
Wed Sep 20 08:23:06 UTC 2023
On 20.09.23 10:01, openssl-users-request at openssl.org digested:
> Date: Wed, 20 Sep 2023 07:57:50 +0000
> From: Benjamin ENTE <benjamin.ente at cromology.com>
>
> I'm using OpenSSL 1.1.1k FIPS .
>
> I'm asked for some audit if we are using rsa 2048 bits with padding PSS or Elliptic Curve (EDCSA) 256 bits.
>
> I don't know where to find this information and how to check it ?
The cryptosystem to use gets *negotiated* between client and server when
a TLS connection is initiated. Assuming that you're in control of the
server side and asked for a statement of how *that* behaves, the info
which ones the server is *willing* to agree to can be found in the
server app's setup, or be retrieved by outright *scanning* the server
(sslyze, https://www.ssllabs.com/ssltest/, whatever). OpenSSL and FIPS
may set boundaries on what the app *can* do, but they don't have the
last word on what it *does* do.
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230920/dd0371ab/attachment.p7s>
More information about the openssl-users
mailing list