On Tue, May 18, 2010, Paul Ohmart wrote:

> Can anyone tell me what RNG is used in the SSL handshake in FIPS mode? Also
> what OpenSSL functions are called to get the random number. The Security
> Policy 1.1.1 documentation states that it is X9.31 but I am unable to
> locate where that happens in the source.
>
> I am trying to use OpenSSL to generate random numbers that are X9.31
> compliant.

OpenSSL uses the default PRNG implementation for all operations including SSL/TLS, though in FIPS mode only TLS is permissible. When you enter FIPS mode the default PRNG is set to the FIPS PRNG so TLS uses the FIPS PRNG.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org