> On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote:
> >
> > TLS uses MD5 as well in the PRF.  The PRF in SSLv3 is not a true HMAC
> > which is a problem, but the reason for not using SSLv3 is FIPS regulation.
>
> "Not Exactly".  The TLS PRF uses *both* SHA1 and MD5, in a way which
> is carefully designed to have the security properties of the stronger
> of the two.  NIST and the labs have accepted the argument that this
> means that, effectively, only Approved algorithms are used for security
> (because even if you consider MD5 to be zero-strength, the TLS PRF is
> as strong as SHA1).
>
> This is not the case for SSLv3, which is why SSLv3 is not acceptable
> in a FIPS-140 certified product: an unapproved algorithm (MD5) is used
> for data integrity.  There is no specific "regulation", just the general
> requirement that only Approved algorithms be used.
>
> --
> Thor Lancelot Simon                                      [EMAIL PROTECTED]
>     "Even experienced UNIX users occasionally enter rm *.* at the UNIX
>      prompt only to realize too late that they have removed the wrong
>      segment of the directory structure." - Microsoft WSS whitepaper
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]


"Not Exactly"? Both TLS and SSLv3 use SHA1 and MD5 in the PRF, which
is IMHO very clever as it requires both hash functions to be broken.  But
the TLS PRF is an HMAC for both SHA1 and MD5, whereas SSLv3's is not.  The
specific regulation is
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
page 61.  Several other regulation references exist as well...

SSLv3 was allowed in the past with special CipherSuites, see
http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
, which was never truly official AFAIK in any NIST document, but widely
used and IMHO painful.  In this case these CipherSuites used the TLS PRF
instead of the SSLv3 PRF (won't bother going into the fine specifics).
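The two constructions the thread is arguing about, side by side, as an added example (this is not code from the list or from OpenSSL): the TLS 1.0/1.1 PRF from RFC 2246 section 5, which splits the secret in two, runs an HMAC-MD5 stream over one half and an HMAC-SHA1 stream over the other and XORs them, and the SSLv3 master-secret derivation from RFC 6101 section 6.1, which feeds the secret straight into nested MD5/SHA1 with no HMAC at all. The pre-master secret and randoms used at the bottom are constructed test inputs, not captured from any handshake.

```python
"""TLS 1.0/1.1 PRF (RFC 2246 s.5) beside the SSLv3 master secret (RFC 6101 s.6.1).

Added illustration, not code from the openssl-dev thread or from OpenSSL.
"""
import hashlib
import hmac


def p_hash(digest_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash(secret, seed) from RFC 2246: HMAC output chained through A(i)."""
    a = seed                  # A(0) = seed
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, digest_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def split_secret(secret: bytes):
    """S1 and S2 are each ceil(len/2) bytes; with an odd length the middle byte is shared."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[-half:]


def tls_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed).

    An attacker who can fully predict the MD5 stream still faces the HMAC-SHA1
    stream keyed with S2, which is the "as strong as the stronger hash" argument.
    """
    s1, s2 = split_secret(secret)
    md5_stream = p_hash("md5", s1, label + seed, length)
    sha1_stream = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


def tls_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)[0..47]."""
    return tls_prf(pre_master, b"master secret", client_random + server_random, 48)


def sslv3_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 6101 s.6.1: MD5(pre || SHA1('A' || pre || cr || sr)) || MD5(pre || SHA1('BB' || ...)) || ...

    The secret is merely concatenated into the hash input; nothing here is an HMAC,
    so MD5 is used directly as a keyed primitive rather than inside an approved MAC.
    """
    out = b""
    for salt in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(salt + pre_master + client_random + server_random).digest()
        out += hashlib.md5(pre_master + inner).digest()
    return out


if __name__ == "__main__":
    # Constructed inputs, not a real handshake.
    pre_master = bytes(range(48))
    client_random = b"\x01" * 32
    server_random = b"\x02" * 32
    print("TLS   master secret:", tls_master_secret(pre_master, client_random, server_random).hex())
    print("SSLv3 master secret:", sslv3_master_secret(pre_master, client_random, server_random).hex())
```

Note that the same pre-master secret and randoms give unrelated 48-byte outputs under the two derivations, and that in the TLS version XORing out the whole MD5 stream leaves exactly the HMAC-SHA1 stream, which is the property the FIPS argument in the thread rests on.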