> Is this correct for openssl 0.9.8 using FIPS? > > test SSL protocol > test ssl3 is forbidden in FIPS mode > *** IN FIPS MODE *** > Available compression methods: > 1: zlib compression > SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > 1 handshakes of 256 bytes done > gmake[1]: *** [test_ssl] Error 1 > gmake[1]: Leaving directory > `/usr/source/openssl-0.9.8-stable-SNAP-20080918-fips/test' > gmake: *** [tests] Error 2
If your question is whether SSLv3 should be prohibited in FIPS mode, the answer is yes. SSLv3's use of MD5 is not acceptable under FIPS rules. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]