Thank you, David, for your bluntness. Trust me, I'm aware of how significant making wpa_supplicant FIPSable is. I've been working on it for several months. Over the past few months I've been in the process of removing non-compliant code, updating MD5 to SHA-1, etc. I'm close for the AP side with hostapd and have pulled out a lot from wpa_supplicant; until this latest issue I seemed to be doing OK. You mentioned that SSL v3 uses MD5, but I read that the difference between v2 and v3 is that v3 went to SHA-1. Does v3 have a mixture of the two? What determines which SSL version is used? Is it the CTX object, a configuration setting, etc.? I've tried tracing the code on the OpenSSL side, but it has me baffled; even with a stack trace I'm having trouble understanding its path. I would appreciate any help you can give on the issue.

On Mon, Jul 20, 2009 at 10:03 PM, David Schwartz <dav...@webmaster.com> wrote:

> Michael Kurecka:
>
> > How do I disable SSLv3 so that I can use FIPS?
>
> Sorry to be blunt, but you don't. A FIPS wpa_supplicant is a significant
> task, you can't just flip a few switches and make one appear.
>
> DS
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org