I assume it says it is a FIPS 140-2 approved mode because it is approved
by FIPS 140-2 ;). Don't confuse the concepts of being 'FIPS approved' or
'FIPS compliant' with being 'secure'. They are not the same thing, and
can sometimes conflict.
On 20/03/2015 12:01, Philip Bellino wrote:
Hello,
I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question?
If AES CBC Encryption is considered vulnerable to an attacker with the
capability to inject arbitrary traffic into the plain-text stream,
then why is it listed as an approved algorithm/option in table 4A on
page 14 of the OpenSSL Security Policy:
http://openssl.org/docs/fips/SecurityPolicy-2.0.9.pdf
I am just looking for a clarification.
Thanks,
Phil
*Phil Bellino*
*Principal Software Engineer****| **MRV Communications Inc.*
300 Apollo Drive *| *Chelmsford, MA 01824
Phone: 978-674-6870*| *Fax: 978-674-6799
www.mrv.com
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users