The problem is the root CA uses MD2WithRSAEncryption as a
signature algorithm
and that is prohibited in FIPS mode.
I'm pretty ignorant when it comes to FIPS, is this a limitation of the
FIPS requirements itself or a limitation of OpenSSL's FIPS validation?
The former. FIPS does not allow the use of algorithms not considered
adequately secure. A general-purpose SSL application intended to
interoperate on the Internet should not be using FIPS mode.
Thanks for the info. Our clients that would be using this probably
would be segmented away from the internet anyhow and be using
private circuits for direct point-to-point communication, just for
my own testing I hit the issue and didn't know what to make of it.
Thanks for the clarification and I'll add the info to my notes for
future reference.
-Brad
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
