Re: ssl teses forbidden in FIPS mode

2008-09-29 Thread David Jacobson
The Doctor wrote: On Thu, Sep 25, 2008 at 08:22:11AM -0400, Steve Marquess wrote: David Jacobson wrote: Tim Hudson wrote: The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatible at the same time? That is what the FIPS mode is for - the librar

Re: ssl teses forbidden in FIPS mode

2008-09-25 Thread Steve Marquess
The Doctor wrote: ... Note also that due to an implementation quirk you need to clear the currently set RNG when switching back into FIPS mode. It is not an implementation quirk, it is a requirement of FIPS 140. FIPS 140 requires that when switching modes all keys and "critical security parame

Re: ssl teses forbidden in FIPS mode

2008-09-25 Thread The Doctor
On Thu, Sep 25, 2008 at 08:22:11AM -0400, Steve Marquess wrote: > David Jacobson wrote: >> Tim Hudson wrote: >>> The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatible at the same time? >>> >>> That is what the FIPS mode is for - the lib

Re: ssl teses forbidden in FIPS mode

2008-09-25 Thread Steve Marquess
David Jacobson wrote: Tim Hudson wrote: The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatible at the same time? That is what the FIPS mode is for - the library built supports all algorithms and when in FIPS mode it disables the use of non-

Re: ssl teses forbidden in FIPS mode

2008-09-25 Thread David Jacobson
Tim Hudson wrote: The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatible at the same time? That is what the FIPS mode is for - the library built supports all algorithms and when in FIPS mode it disables the use of non-approved algorithms.

Re: ssl teses forbidden in FIPS mode

2008-09-23 Thread The Doctor
On Tue, Sep 23, 2008 at 06:46:31PM +0200, Dr. Stephen Henson wrote: > On Tue, Sep 23, 2008, The Doctor wrote: > > > On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote: > > > On Mon, Sep 22, 2008, The Doctor wrote: > > > > > > > > > > > > > > > Apart from me, anyone else tried th

Re: ssl teses forbidden in FIPS mode

2008-09-23 Thread Dr. Stephen Henson
On Tue, Sep 23, 2008, The Doctor wrote: > On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote: > > On Mon, Sep 22, 2008, The Doctor wrote: > > > > > > > > > > > Apart from me, anyone else tried the fipdso in their configuration > > > as extensively as I have? > > > > > > > The

Re: ssl teses forbidden in FIPS mode

2008-09-23 Thread The Doctor
On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote: > On Mon, Sep 22, 2008, The Doctor wrote: > > > > > > > Apart from me, anyone else tried the fipdso in their configuration > > as extensively as I have? > > > > The fipsdso option isn't terribly useful for most users. To use

Re: ssl teses forbidden in FIPS mode

2008-09-23 Thread Dr. Stephen Henson
On Mon, Sep 22, 2008, The Doctor wrote: > > > Apart from me, anyone else tried the fipdso in their configuration > as extensively as I have? > The fipsdso option isn't terribly useful for most users. To use it you need a corresponding binary validated shared library installed. If you want t

Re: ssl teses forbidden in FIPS mode

2008-09-22 Thread The Doctor
On Tue, Sep 23, 2008 at 08:26:23AM +1000, Tim Hudson wrote: > The Doctor wrote: >> That being said, how do you get openssl to compile with FIPS >> and be backwards compatible at the same time? > > That is what the FIPS mode is for - the library built supports all > algorithms and when in FIPS mode

Re: ssl teses forbidden in FIPS mode

2008-09-22 Thread Tim Hudson
The Doctor wrote: That being said, how do you get openssl to compile with FIPS and be backwards compatible at the same time? That is what the FIPS mode is for - the library built supports all algorithms and when in FIPS mode it disables the use of non-approved algorithms. A single applicatio

Re: ssl teses forbidden in FIPS mode

2008-09-22 Thread Thor Lancelot Simon
On Sun, Sep 21, 2008 at 12:58:26PM +1000, Michael Gray wrote: > > > "Not Exactly"? Both TLS and SSLv3 both use SHA1 and MD5 in the PRF, which > is IMHO very clever as it requires both HASH functions to be broken. But, > the TLS PRF is a HMAC for both SHA1 and MD5 whereas SSLv3 is not. The > spe

Re: ssl teses forbidden in FIPS mode

2008-09-22 Thread The Doctor
On Sun, Sep 21, 2008 at 12:58:26PM +1000, Michael Gray wrote: > > > > On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote: > > > > > > TLS uses MD5 as well in the PRF. The PRF in SSLv3 is not a true HMAC > which > > > is a problem, but the reason for not using SSLv3 is FIPS regulation.

Re: ssl teses forbidden in FIPS mode

2008-09-22 Thread Michael Gray
> On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote: > > > > TLS uses MD5 as well in the PRF. The PRF in SSLv3 is not a true HMAC which > > is a problem, but the reason for not using SSLv3 is FIPS regulation. > > "Not Exactly". The TLS PRF uses *both* SHA1 and MD5, in a way which > i

Re: ssl teses forbidden in FIPS mode

2008-09-20 Thread Thor Lancelot Simon
On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote: > > TLS uses MD5 as well in the PRF. The PRF in SSLv3 is not a true HMAC which > is a problem, but the reason for not using SSLv3 is FIPS regulation. "Not Exactly". The TLS PRF uses *both* SHA1 and MD5, in a way which is carefully d

RE: ssl teses forbidden in FIPS mode

2008-09-19 Thread Michael Gray
> > > Is this correct for openssl 0.9.8 using FIPS? > > > > test SSL protocol > > test ssl3 is forbidden in FIPS mode > > *** IN FIPS MODE *** > > Available compression methods: > > 1: zlib compression > > SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > > 1 handshakes of 256 bytes d

RE: ssl teses forbidden in FIPS mode

2008-09-18 Thread David Schwartz
> Is this correct for openssl 0.9.8 using FIPS? > > test SSL protocol > test ssl3 is forbidden in FIPS mode > *** IN FIPS MODE *** > Available compression methods: > 1: zlib compression > SSLv3, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > 1 handshakes of 256 bytes done > gmake[1]: ***