> We use OpenSSL for encryption within our application. > I am now enhancing our application to become FIPS compliant. > The OpenSSL FIPS Security Policy lists RSA key wrapping and > key establishment as non-approved. But the policy states that > it is included when 80 to 150 bits of encryption strength are > used. So how do I provide a key exchange if I want FIPS compliance?
TLS is FIPS approved if you only used FIPS-allowed algorithms within it. OpenSSL does this in FIPS mode. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]