On Mon, Sep 08, 2003 at 10:49:02AM -0600, Tolga Acar wrote:
> On a second thought, that there is no key management algorithm 
> certified, how would one set up a SSL connection in FIPS mode?
> It seems to me that, it is not possible to have a FIPS 140 certified 
> SSL/TLS session using the OpenSSL's certification.

SSL's not certifiable, period.

TLS has been held to be certifiable, and products using TLS have been
certified.  However, it's necessary to disable any use of MD5 in the
certificate validation path.  When I had a version of OpenSSL certified
for use in a product at my former employer, I had to whack the OpenSSL
source to throw an error if in FIPS mode and any part of the certificate
validation path called the MD5 functions.  Perhaps this has been done
in the version currently undergoing certification.  You'll also need
certificates that use SHA1 as the signing algorithm, which some public
CAs cannot provide (though most can, and will if the certificate request
itself uses SHA1 as the signing algorithm).

The use of MD5 in the TLS protocol itself is okay, because it is always
used in combination with SHA1 in the PRF.  We got explicit guidance from
NIST on this issue.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to