On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote:
> 
> TLS uses MD5 as well in the PRF.  The PRF in SSLv3 is not a true HMAC which
> is a problem, but the reason for not using SSLv3 is FIPS regulation.

"Not Exactly".  The TLS PRF uses *both* SHA1 and MD5, in a way which is
carefully designed to have the security properties of the stronger of the
two.  NIST and the labs have accepted the argument that this means that,
effectively, only Approved algorithms are used for security (because even
if you consider MD5 to be zero-strength, the TLS PRF is as strong as SHA1).

This is not the case for SSLv3, which is why SSLv3 is not acceptable in a
FIPS-140 certified product: an unapproved algorithm (MD5) is used for data
integrity.  There is no specific "regulation", just the general requirement
that only Approved algorithms be used.

-- 
Thor Lancelot Simon                                        [EMAIL PROTECTED]
    "Even experienced UNIX users occasionally enter rm *.* at the UNIX
     prompt only to realize too late that they have removed the wrong
     segment of the directory structure." - Microsoft WSS whitepaper
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
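The construction Thor is describing, written out as an added example (this is not code from the original message, nor OpenSSL's own implementation): the TLS 1.0/1.1 PRF of RFC 2246 section 5. The secret is split into two halves, the first half drives an HMAC-MD5 expansion stream, the second half drives an HMAC-SHA1 expansion stream, and the two streams are XORed. The last function makes the "as strong as SHA1" argument concrete: if an attacker learns the MD5 half of the secret outright, stripping the MD5 stream from the PRF output leaves exactly the HMAC-SHA1 expansion keyed by the other half, so predicting the output still requires breaking that. The secret, label and seed values are constructed sample inputs, not vectors from any specification.

```python
import hashlib
import hmac


def p_hash(hash_name, secret, seed, length):
    """RFC 2246 section 5 data expansion function P_hash.

    P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
                           HMAC_hash(secret, A(2) + seed) + ...
    with A(0) = seed and A(i) = HMAC_hash(secret, A(i-1)),
    iterated until `length` bytes are produced, then truncated.
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def split_secret(secret):
    """Split the secret into S1 (first half) and S2 (second half).

    Each half is ceil(len/2) bytes long; for an odd-length secret the
    middle byte is shared by both halves, as RFC 2246 specifies.
    """
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF:
    PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR
                               P_SHA1(S2, label + seed)
    """
    s1, s2 = split_secret(secret)
    md5_stream = p_hash("md5", s1, label + seed, length)
    sha1_stream = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


def residual_given_md5_half(prf_output, s1, label, seed):
    """What an attacker who knows S1 (the MD5 half of the secret) can do:
    recompute P_MD5 and XOR it away.  What remains is P_SHA1(S2, ...),
    still keyed by the unknown S2, so the PRF is no weaker than HMAC-SHA1.
    """
    md5_stream = p_hash("md5", s1, label + seed, len(prf_output))
    return bytes(x ^ y for x, y in zip(prf_output, md5_stream))


if __name__ == "__main__":
    # Constructed sample inputs (not test vectors from any specification).
    secret = b"example premaster secret"
    label = b"master secret"
    seed = b"client random" + b"server random"
    print(tls10_prf(secret, label, seed, 48).hex())
```

Run it directly to print 48 bytes of PRF output for the constructed inputs. Note that TLS 1.2 replaced this construction with a single-hash PRF (HMAC-SHA256 by default), so the MD5/SHA1 combination above applies only to TLS 1.0 and 1.1.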
