On 04/05/2016 08:15, mani kanta wrote:
Hello,
While the SSL handshake is happening,I am getting the error as below
SSL_connect error:0408E09E:rsa routines:PKEY_RSA_SIGN:operation not
allowed in fips mode.
ssl handshake went well up to client sending key exchange to server
and failing in the process of send client verify. Why this error
happens ? and How to overcome this ?
Background:
1. I built Openssl in FIPS mode. From the supplicant (application) I
called FIPS_mode_set(1) API. In my use-case I am trying to connect
WPA2 Enterprise Wi-Fi network which has EAP-TLS configured (used
radius server to setup EAP-TLS).
2. From the network packets it is confirmed that the client and the
server agreed on to use TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher
suit. Also found that if in case TLS_RSA_WITH_AES_256_CBC_SHA256
cipher suit is selected then also it throws the same above mentioned
error.
3. I am using openssl verson 1.0.2f(client side). radius
server(3.0.11) . Server is running in ubuntu 14.04
Is your RSA key too short (FIPS mode imposes a minimum key
length by refusing to use shorter keys).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
