As far as I remember, the use of MD5 is only allowed in TLS 1 for the specific use within the PRF for key generation as the __combination__ of SHA-1 and MD5 is not considered weak usage. Use of MD5 elsewhere is still disallowed.
Carl ________________________________________ From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Perrow, Graeme [graeme.per...@sap.com] Sent: 25 July 2013 18:40 To: openssl-users@openssl.org Subject: Using MD5 certificates in OpenSSL FIPS I am using OpenSSL FIPS module 2.0.5 with OpenSSL 1.0.1e on Windows. After calling FIPS_mode_set(1), I cannot call SSL_CTX_use_RSAPrivateKey_file. When I debug into it, it is failing when trying to initialize MD5. Apparently the private key is encrypted with MD5. I was under the impression that MD5 was not allowed in FIPS mode **unless** it's being used with TLS, which is what I'm doing. Am I wrong, or is there something else I have to do to allow MD5 in this case? Thank you Graeme Perrow ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
