According to this wiki page:

http://wiki.openssl.org/index.php/FIPS_mode_and_TLS

When in FIPS mode, SHA1 signatures can not be used when
using the TLS 1.2 protocol:
"If that wasn't enough there's another complication. For TLS v1.2 you have to 
restrict the supported signature algorithms to exclude SHA1, allowing only 
SHA256 and above."
However, our application is in FIPS mode, and I am successfully opening a 
connection using only cipher "AES256-SHA". We are not calling any low level 
APIs, just simply using calls to SSL_do_handshake() to perform the handshake. 
Both client and server are using OpenSSL and only making AES256-SHA available.  
The client and server hello from a successful handshake are below, the 0x23 in 
both indicate RSA_WITH_AES_256_SHA (from s3_lib.c) and protocol TLS 1.2 (0x03 
0x03).
>>> TLS 1.2 Handshake [length 005e], ClientHello
    01 00 00 5a 03 03 77 7d 00 39 a8 d6 9e 16 3a 43
    8d 23 70 13 5f f5 59 ea aa 17 72 9e ff 45 00 8f
    17 a8 35 bb 3d f2 00 00 04 00 9d 00 ff 01 00 00
    2d 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06
    03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03
    02 03 03 02 01 02 02 02 03 00 0f 00 01 01
<<< TLS 1.2 Handshake [length 003a], ServerHello
    02 00 00 36 03 03 70 3b f5 15 8d 56 c5 69 79 cb
    3a 6a 7a 0c 21 07 3d f2 63 cb 4d 24 c3 53 c9 3b
    1f 01 fc 5c 9f 37 00 00 9d 00 00 0e ff 01 00 01
    00 00 23 00 00 00 0f 00 01 01
I would just like to confirm the accuracy or inaccuracy of the wiki page. I 
have also read in the FIPS User Guide that attempting to use non-FIPS 
algorithms will not always fail. 
From Section 5.4: "However, there is no guarantee that the OpenSSL API will 
always return an error condition in every possible permutation of or sequence 
of API calls that might invoke code relating to non-FIPS algorithms."
And Section 2.6.2: "It is the responsibility of the application developer to 
ensure that only FIPS algorithms are used when in FIPS mode."
To further complicate things, several days ago I had observed handshakes 
failing in this situation, with the following errors in the OpenSSL Error Queue 
on the client side:
error:0409A09E:rsa routines:PKEY_RSA_VERIFY:operation not allowed in fips mode
error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Are we seeing a case where sometimes OpenSSL fails to prevent non-FIPS 
algorithms and sometimes does not, for whatever reason?
Thanks in advance.
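In TLS 1.2 the hash used for handshake signatures is governed by the signature_algorithms extension (type 0x000d), not by the cipher suite's MAC, so the two hello messages quoted in the post are the place to look. The following Python script is an added example, not code from the post or from OpenSSL: it transcribes the ClientHello and ServerHello bytes above, decodes the negotiated suite and extensions, and lists the hash/signature pairs the client advertised, flagging any SHA1 entry.

```python
# Added example (not from the post): decode the quoted hellos' suite and signature_algorithms.
HASH = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG = {1: "rsa", 2: "dsa", 3: "ecdsa"}
SUITES = {0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA", 0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
          0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}   # IANA names for the values seen

# Handshake messages (4-byte header + body) transcribed from the post's trace.
CLIENT_HELLO = bytes.fromhex(
    "01 00 00 5a 03 03 77 7d 00 39 a8 d6 9e 16 3a 43 8d 23 70 13 5f f5 59 ea aa 17 "
    "72 9e ff 45 00 8f 17 a8 35 bb 3d f2 00 00 04 00 9d 00 ff 01 00 00 2d 00 23 00 "
    "00 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 "
    "01 03 02 03 03 02 01 02 02 02 03 00 0f 00 01 01")
SERVER_HELLO = bytes.fromhex(
    "02 00 00 36 03 03 70 3b f5 15 8d 56 c5 69 79 cb 3a 6a 7a 0c 21 07 3d f2 63 cb "
    "4d 24 c3 53 c9 3b 1f 01 fc 5c 9f 37 00 00 9d 00 00 0e ff 01 00 01 00 00 23 00 "
    "00 00 0f 00 01 01")

def u16(b, i):
    return int.from_bytes(b[i:i + 2], "big")

def parse_hello(msg):
    """Return (msg_type, version, cipher_suites, {ext_type: ext_data})."""
    msg_type, length = msg[0], int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    assert len(body) == length, "truncated handshake message"
    version, pos = (body[0], body[1]), 2 + 32            # skip 32-byte random
    pos += 1 + body[pos]                                 # session id
    if msg_type == 1:                                    # ClientHello
        n = u16(body, pos); pos += 2
        suites = [u16(body, i) for i in range(pos, pos + n, 2)]; pos += n
        pos += 1 + body[pos]                             # compression methods
    else:                                                # ServerHello
        suites = [u16(body, pos)]; pos += 3              # one suite + compression
    exts, end = {}, len(body)
    if pos < end:                                        # extensions block present
        end = pos + 2 + u16(body, pos); pos += 2
    while pos < end:
        etype, elen = u16(body, pos), u16(body, pos + 2)
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return msg_type, version, suites, exts

def signature_algorithms(exts):
    """Decode extension 0x000d into 'hash+sig' names (empty list if absent)."""
    d = exts.get(0x000D, b"")
    return [f"{HASH.get(d[i], d[i])}+{SIG.get(d[i + 1], d[i + 1])}"
            for i in range(2, 2 + u16(d, 0), 2)] if d else []

def offers_sha1(msg):   # True when the hello advertises a SHA1-based signature algorithm
    return any(a.startswith("sha1+") for a in signature_algorithms(parse_hello(msg)[3]))
```

Run against the post's own bytes, the ClientHello advertises fifteen pairs from sha512+rsa down to sha1+ecdsa, so the client did not restrict signature_algorithms to SHA256 and above; the ServerHello carries only renegotiation_info, session_ticket and heartbeat extensions.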