How do I disable SSLv3 so that I can use FIPS?

On Fri, Jul 17, 2009 at 4:22 PM, David Schwartz <dav...@webmaster.com> wrote:

>
> Michael Kurecka:
>
> > I am trying to run wpa_supplicant in FIPS mode.
>
> Why?
>
> > I don't think the MD5 function is even called
>
> MD5 is part of SSLv3.
>
> #6  0x4003e6b8 in ssl3_connect () from /usr/lib/libssl.so.0.9.8
> #7  0x4004ebf4 in SSL_connect () from /usr/lib/libssl.so.0.9.8
> #8  0x000526c0 in tls_connection_handshake (ssl_ctx=<value optimized out>, conn=0x94e68, in_data=0x970d0 "\224,@\224,@\020", in_len=0, out_len=0x94d88, appl_data=0xbed1f218, appl_data_len=0xbed1f214) at ../src/crypto/tls_openssl.c:1792
> #9  0x0004fcac in eap_peer_tls_process_helper (sm=0x8ad90, data=0x94d80, eap_type=EAP_TYPE_PEAP, peap_version=0, id=98 'b', in_data=0x0, in_len=537439632, out_data=0xbed1f264) at ../src/eap_peer/eap_tls_common.c:463
>
> You need to disable SSLv3 if you want to use FIPS mode. SSLv3 relies on MD5
> for some of its security properties, and that's a no-no in FIPS mode.
>
> DS
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
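
Why a handshake that goes through ssl3_connect cannot avoid MD5: SSLv3 (RFC 6101) builds its master secret from MD5 computed over SHA-1 output, so the derivation stops as soon as MD5 is refused. This is an added sketch, not code from OpenSSL, wpa_supplicant or the posters; fips_md5, ssl3_usable and the sample byte strings are constructed for illustration.

```python
import hashlib

# Constructed sample handshake values (not taken from the thread).
PRE_MASTER = b"\x03\x00" + bytes(46)      # 48-byte pre-master secret, version 3.0
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))


def ssl3_master_secret(pre_master, client_random, server_random,
                       md5=hashlib.md5, sha1=hashlib.sha1):
    """SSLv3 master secret per RFC 6101: three MD5(secret + SHA1(...)) blocks."""
    out = b""
    for label in (b"A", b"BB", b"CCC"):
        inner = sha1(label + pre_master + client_random + server_random).digest()
        # MD5 is the outer hash of every block, so SSLv3 has no MD5-free path.
        out += md5(pre_master + inner).digest()
    return out                            # 3 * 16 = 48 bytes


def fips_md5(data=b""):
    """Hypothetical stand-in for a crypto library that refuses MD5 in FIPS mode."""
    raise ValueError("md5 is not available in FIPS mode")


def ssl3_usable(md5):
    """True if the SSLv3 key derivation can complete with this MD5 provider."""
    try:
        ssl3_master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, md5=md5)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("SSLv3 with MD5 available:", ssl3_usable(hashlib.md5))
    print("SSLv3 with MD5 refused  :", ssl3_usable(fips_md5))
```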
