Hi All:

>From the OpenSSL FIPS Security Policy chapter 4, it mentioned there are a
number of non-FIPS approved algorithms/ services which are still
implemented by the FIPS canister modules (e.g. RSA, DSA, DRDB, ECDSA etc).

Just wondering why these algorithms are still implemented by FIPS Canister.

The concern is, if these algorithms could still be used under FIPS mode,
there is risk that the applications which use the FIPS canister modules may
become non-FIPS compliant if these algorithms are used by mistake.

Is my understanding correct and in that case is there a way to disable
these non-FIPS approved algorithms?

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to