On Fri, Nov 21, 2014, Charles Mills wrote: > Thanks. I guess I may have to open a problem with IBM. The IBM documentation > clearly lists a number of "cipher suites" (at they call them) that use SHA1 > (including the one we (IBM+OpenSSL) default to as being FIPS 140-2 > compliant. > > GSK appears to only support SHA1 and MD5, and MD4 is pretty clearly not FIP > 140-2 compliant. > > Hmm. I had this note partly composed when Dr. Henson's reply came in. I am > thoroughly mystified. >
Could try to connect your client to OpenSSL's s_server utility with the -state (or for 1.0.2 -trace)? If we can find out what message is triggering that error it might give some hints. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org