Openssl 1.1.1k specifications

Jochen Bern Jochen.Bern at
Wed Sep 20 08:23:06 UTC 2023

On 20.09.23 10:01, openssl-users-request at digested:
> Date: Wed, 20 Sep 2023 07:57:50 +0000
> From: Benjamin ENTE <benjamin.ente at>
> I'm using OpenSSL 1.1.1k  FIPS .
> I'm asked for some audit if we are using rsa 2048 bits with padding PSS or Elliptic Curve (EDCSA) 256 bits.
> I don't know where to find this information and how to check it ?

The cryptosystem to use gets *negotiated* between client and server when 
a TLS connection is initiated. Assuming that you're in control of the 
server side and asked for a statement of how *that* behaves, the info 
which ones the server is *willing* to agree to can be found in the 
server app's setup, or be retrieved by outright *scanning* the server 
(sslyze,, whatever). OpenSSL and FIPS 
may set boundaries on what the app *can* do, but they don't have the 
last word on what it *does* do.

Kind regards,
Jochen Bern

Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the openssl-users mailing list