Hi,
FIPS enabled build fail at same line.
Brad House wrote:
It appears there is a major regression with OpenSSL 1.0.1d over
1.0.1c. I've narrowed it down to setting a custom cipher
list I think as if I do not set a cipher list, the issue does
not occur.
I have reproduced the issue with the openssl s_server/s_client
command line utility. You can see my full procedure below.
In short, it appears SSL negotiation succeeds, but as soon as
data is sent from the client to the server, the server spits
out:
67397216:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed
or bad record mac:s3_pkt.c:482:
And does NOT receive the data sent from the client side.
[SNIP]
....
test sslv2/sslv3 w/o DHE via BIO pair
*** IN FIPS MODE ***
Available compression methods:
1: zlib compression
ERROR in CLIENT
140602657330880:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption
failed or bad record mac:s3_pkt.c:482:
TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA, 2048 bit RSA
1 handshakes of 256 bytes done
make[1]: *** [test_ssl] Error 1
....
Roumen
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
