On Mon, Nov 04, 2013, Fredrik Jansson wrote: > Thanks, that did it! > > To try to understand the implications of this, if I add SSL_FIPS > to TLS1_TXT_PSK_WITH_AES_128_CBC_SHA and TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, > am I violating the security policy? AES 128/256 CBC and SHA are approved > algorithms(?). >
The security policy means you cannot modify any code in the validated module source, it does not apply to the FIPS capable OpenSSL which is effectively an "application" of the FIPS module. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
