I'm sure Steve may be able to answer more succinctly, but generally...

That [Signature Algorithm: sha1WithRSAEncryption] is the signature on the X.509 certificate - nothing to do with TLS at this point. When the certificate is 'sealed', it is done so with a signature - in this case RSA combined with the SHA-1 hash algorithm - the signature is the combination of encrypting the SHA-1 hash of the certificate with the associated private key of the signing certificate.
When the certificate is "loaded" by OpenSSL, it is simply loaded into memory (usually) - no crypto operations are required to load a certificate. The private key associated with a certificate may be (and usually is) encrypted in some form. If that form uses MD5 or PBKD in any form, then it would not be allowed in FIPS mode. When the certificate's RSA key and the associated is used during TLS (in the PRF and signing, as Steve pointed out), then they are used in combination with SHA-1 and MD5. OpenSSL's access to MD5 at this point is probably private, and any EVP access to the MD5 functions would be disabled in FIPS 140-2 approved mode.

Carl

________________________________________
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Perrow, Graeme [graeme.per...@sap.com]
Sent: 26 July 2013 14:10
To: openssl-users@openssl.org
Subject: RE: Using MD5 certificates in OpenSSL FIPS

If I do "openssl x509 -in mycert.crt -text" I see "Signature Algorithm: sha1WithRSAEncryption". There's no mention of MD5 here, but since OpenSSL is attempting to load it, I assume it's using the MD5-SHA1 combination. If that *is* permitted, why am I getting the "disabled for FIPS" error?

Graeme

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Friday, July 26, 2013 7:39 AM
To: openssl-users@openssl.org
Subject: Re: Using MD5 certificates in OpenSSL FIPS

On Fri, Jul 26, 2013, Carl Young wrote:

> As far as I remember, the use of MD5 is only allowed in TLS 1 for the
> specific use within the PRF for key generation as the __combination__ of
> SHA-1 and MD5 is not considered weak usage. Use of MD5 elsewhere is still
> disallowed.
>

It is also permitted with the MD5+SHA1 combined RSA signature, again because the combination is not considered weak.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
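The two MD5+SHA-1 combinations the thread refers to, written out as an added example that is not code from the thread or from OpenSSL: the TLS 1.0/1.1 PRF of RFC 2246 (P_MD5 over one half of the secret XORed with P_SHA1 over the other half) and the 36-byte MD5||SHA-1 digest that TLS 1.0/1.1 RSA handshake signatures cover. Function names and the sample inputs are my own constructions.

```python
import hashlib
import hmac


def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_<hash> from RFC 2246 section 5: HMAC-based expansion of secret over seed."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def split_secret(secret: bytes) -> tuple[bytes, bytes]:
    """S1 is the first half, S2 the second; an odd-length secret shares its middle byte."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[-half:]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0/1.1 PRF: P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed).

    Neither hash stands alone here; the output depends on both, which is the
    'combination' argument made in the thread for why this use is tolerated.
    """
    s1, s2 = split_secret(secret)
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def tls10_rsa_signature_input(data: bytes) -> bytes:
    """The 36 bytes (MD5(data) || SHA-1(data)) that a TLS 1.0/1.1 RSA signature covers.

    This is the 'MD5+SHA1 combined RSA signature'; it carries no DigestInfo wrapper.
    """
    return hashlib.md5(data).digest() + hashlib.sha1(data).digest()


if __name__ == "__main__":
    # Constructed sample inputs, not values from any real handshake.
    master = bytes(range(48))
    block = tls10_prf(master, b"key expansion", b"A" * 32 + b"B" * 32, 104)
    print(block.hex())
    print(tls10_rsa_signature_input(b"handshake messages").hex())
```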