In our environment, libcurl is linked with OpenSSL 0.9.8k and the associated FIPS module. It is linked into our client application.

When setting OpenSSL FIPS mode (FIPS_mode_set(1)), the TLS handshaking reply seemed to be ignored on communications with the server. The client linked with libcurl sends a TLS HELLO with a list of supported crypto strings, and the server picks one and replies. The client appears to ignore the server reply and resubmits the HELLO, then fails after the response.

We have no problem when FIPS is not turned on: without FIPS turned on, the client sends a TLS HELLO with a longer list of crypto strings, which includes non-FIPS-allowed strings, and the server picks a non-FIPS-allowed string and replies with that. In this case the normal TLS handshaking occurs and the client does not fail.

Any idea? Does libcurl not support the stronger encryption of FIPS (AES encryption and SHA digest)? (The Apache httpd code works fine in FIPS mode using the same OpenSSL. The TLS handshaking is fine with the Apache server.)

Thanks,
Mike
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
