On Sun, Sep 21, 2008 at 12:58:26PM +1000, Michael Gray wrote:
> 
> 
> > On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote:
> > >
> > > TLS uses MD5 as well in the PRF.  The PRF in SSLv3 is not a true HMAC
> > > which is a problem, but the reason for not using SSLv3 is FIPS regulation.
> >
> > "Not Exactly".  The TLS PRF uses *both* SHA1 and MD5, in a way which
> > is carefully designed to have the security properties of the stronger of
> > the two.  NIST and the labs have accepted the argument that this means
> > that, effectively, only Approved algorithms are used for security (because
> > even if you consider MD5 to be zero-strength, the TLS PRF is as strong as
> > SHA1).
> >
> > This is not the case for SSLv3, which is why SSLv3 is not acceptable in a
> > FIPS-140 certified product: an unapproved algorithm (MD5) is used for data
> > integrity.  There is no specific "regulation", just the general requirement
> > that only Approved algorithms be used.
> >
> > --
> > Thor Lancelot Simon                                      [EMAIL PROTECTED]
> >     "Even experienced UNIX users occasionally enter rm *.* at the UNIX
> >      prompt only to realize too late that they have removed the wrong
> >      segment of the directory structure." - Microsoft WSS whitepaper
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > Development Mailing List                       openssl-dev@openssl.org
> > Automated List Manager                           [EMAIL PROTECTED]
> 
> 
> "Not Exactly"? Both TLS and SSLv3 use SHA1 and MD5 in the PRF, which
> is IMHO very clever as it requires both hash functions to be broken.  But,
> the TLS PRF is an HMAC for both SHA1 and MD5 whereas SSLv3's is not. The
> specific regulation is
> http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
> page 61. Several other regulation references exist as well...
> 
> SSLv3 was allowed in the past with special CipherSuites, see
> http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
> , which was never truly official AFAIK in any NIST document, but widely
> used and IMHO painful.  In this case these CipherSuites used the TLS PRF
> instead of the SSLv3 PRF (won't bother going into the fine specifics).

That being said, how do you get openssl to compile with FIPS
and be backwards compatible at the same time?
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]       Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! Canada vote anything but 
Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .
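The two PRFs argued about above, as an added example that is not from this thread or from the OpenSSL code base: the TLS 1.0 PRF of RFC 2246 section 5 (two HMAC chains over the split secret, XORed together) beside the SSLv3 master_secret expansion of RFC 6101 section 6.1, which feeds the secret straight into raw MD5 and SHA-1 instead of keying an HMAC. The pre-master secret and random values are constructed sample inputs.

```python
import hashlib
import hmac


def p_hash(hash_name: str, secret: bytes, seed: bytes, nbytes: int) -> bytes:
    """RFC 2246 s5 P_hash: A(i) = HMAC(secret, A(i-1)), A(0) = seed;
    output = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..."""
    out, a = b"", seed
    while len(out) < nbytes:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:nbytes]


def split_secret(secret: bytes):
    """S1 / S2 halves; an odd-length secret shares its middle byte (RFC 2246 s5)."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, nbytes: int) -> bytes:
    """TLS 1.0/1.1 PRF: P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed).
    Each half only ever keys an HMAC chain, and the XOR means both chains
    must be predictable before the output is."""
    s1, s2 = split_secret(secret)
    md5_part = p_hash("md5", s1, label + seed, nbytes)
    sha1_part = p_hash("sha1", s2, label + seed, nbytes)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def sslv3_expand(secret: bytes, randoms: bytes, nbytes: int) -> bytes:
    """SSLv3 expansion (RFC 6101 s6.1): block i is
    MD5(secret + SHA1(label_i + secret + randoms)), label_i = 'A', 'BB', 'CCC', ...
    The secret is plain hash input here; nothing is keyed as an HMAC."""
    out, i = b"", 0
    while len(out) < nbytes:
        label = bytes([ord("A") + i]) * (i + 1)
        out += hashlib.md5(secret + hashlib.sha1(label + secret + randoms).digest()).digest()
        i += 1
    return out[:nbytes]


if __name__ == "__main__":
    # Constructed sample inputs, not values from any real session.
    pre_master = bytes(range(48))
    randoms = b"\x11" * 32 + b"\x22" * 32        # client_random + server_random
    print("TLS 1.0 master_secret:", tls10_prf(pre_master, b"master secret", randoms, 48).hex())
    print("SSLv3 master_secret  :", sslv3_expand(pre_master, randoms, 48).hex())
```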
