On Wed, May 15, 2013, Santhosh Kokala wrote: > Hi All, > I have a use case where an admin can configure the Ciphers from UI. I have > this code in the backend that tries to set the cipher > > meth = TLSv1_client_method(); > > ctx = SSL_CTX_new(meth); > > sslretval = SSL_CTX_set_cipher_list(ctx, ts_str(cipher)); > > When a user sets a cipher such as "MD5" when the device is in FIPS mode the > above call returns an error code. I am thinking to validate the input cipher > against the list of FIPS supported ciphers before calling > SSL_CTX_set_cipher_list(). Is there a function where I can get a list of FIPS > supported ciphers? >
Just a couple of additional points to the excellent replies already. If you're in FIPS mode then only FIPS ciphersuites can be used so "ALL" will result in only FIPS ciphersuites being used (note this includes ciphersuites offering no encryption). Also the special cipher string "FIPS" can be used: this works outside FIPS mode too. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
