Openssl 1.1.1k specifications

Jan Just Keijser jan.just.keijser at gmail.com
Wed Sep 20 10:34:33 UTC 2023


Hi Paul,

On 20/09/2023 10:01, Dr Paul Dale wrote:
> You cannot possibly be using OpenSSL 1.1.1k with FIPS.  At least not 
> from the OpenSSL project's sources.  No version of OpenSSL 1.1.x has 
> been validated by the project.
>
> I suggest you contact the provider of your "validated" version of 
> 1.1.1k and ask this of them.
>
just FYI:  this smells like RedHat Enterprise Linux and derivatives:

$ cat /etc/redhat-release
Rocky Linux release 8.8 (Green Obsidian)

$ openssl version
OpenSSL 1.1.1k  FIPS 25 Mar 2021

but you are 100% correct that this is a question for RedHat and not for 
the OpenSSL team.
Having said that, the question
   "Are we using rsa 2048 bits with padding PSS or Elliptic Curve 
(EDCSA) 256 bits."
sounds like a question about the type of certificate that is used for a 
particular connection - which could be extracted from the certificate 
used using the appropriate `openssl` command.

Regards,

JJK / Jan Just Keijser


>
> Dr Paul Dale
>
>
> On 20/9/23 17:57, Benjamin ENTE wrote:
>> Hi everyone
>>
>> I'm using OpenSSL 1.1.1k  FIPS .
>>
>> I'm asked for some audit if we are using rsa 2048 bits with padding 
>> PSS or Elliptic Curve (EDCSA) 256 bits.
>>
>> I don't know where to find this information and how to check it ?
>>
>> Can you help me ?
>>
>> Thank you in advance
>>
>> Benjamin ENTE
>>
>>
>>
>> Ce message et toutes les pièces jointes sont établis à l'intention 
>> exclusive de ses destinataires et sont confidentiels. Si vous n'êtes 
>> pas le destinataire de ce message, merci d'en avertir immédiatement 
>> l'expéditeur et de le détruire. Malgré nos mesures visant à nous 
>> prémunir des risques en termes de sécurité, nous vous recommandons de 
>> vous assurer de la non-introduction de virus dans votre système 
>> informatique. Tout message étant susceptible d’altération au cours de 
>> son acheminement, Cromology ne saurait être tenue pour responsable de 
>> dommage causé par la présence d'un virus dans ce message. 
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230920/11aee493/attachment.htm>


More information about the openssl-users mailing list