Awesome, thank you! Can you please help me close bug 3152?
I will put in a change request to have TLS1_TXT_PSK_WITH_AES_128_CBC_SHA and TLS1_TXT_PSK_WITH_AES_256_CBC_SHA enabled in FIPS mode. Best regards, Fredrik On Mon, Nov 4, 2013 at 3:37 PM, Dr. Stephen Henson <st...@openssl.org>wrote: > On Mon, Nov 04, 2013, Fredrik Jansson wrote: > > > Thanks, that did it! > > > > To try to understand the implications of this, if I add SSL_FIPS > > to TLS1_TXT_PSK_WITH_AES_128_CBC_SHA and > TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, > > am I violating the security policy? AES 128/256 CBC and SHA are approved > > algorithms(?). > > > > The security policy means you cannot modify any code in the validated > module > source, it does not apply to the FIPS capable OpenSSL which is effectively > an > "application" of the FIPS module. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
