Re: question on static/dynamic linking engines

2004-07-06 Thread Kevin Stefanik
On Monday 05 July 2004 01:24 am, Geoff Thorpe wrote: > On June 24, 2004 12:49 pm, Kevin Stefanik wrote: > [snip] > > > > However I'm > > > pretty confident the 0.9.7 use of ERR_get_implementation() is bogus. > > [snip] > > > Linking the openssl engine to libcrypto.so shared library for 0.9.8 > > wo

RE: Disabling for FIPS mode, take 2

2004-07-06 Thread Marquess, Steve Mr JMLFDC
On Friday, July 02, 2004 4:52 PM Dr. Stephen Henson wrote: >> Two related patches I posted earlier are for a FIPS specific default >> ciphersuite (ssl_ciph.c) and SHA1 instead of MD5 for PEM passphrases >> (pem_lib.c).  Any additional feedback on th

RE: Disabling for FIPS mode, take 2

2004-07-06 Thread Chris Brook
As far as I understand it, FIPS 140-2 requires that you use a FIPS approved RNG for generating keys (if that's what you meant below). This includes ANSI X9.31 and FIPS 186-2, neither of which of course are supported by OpenSSL which has its own PRNG. You might want to look at adding these if the

Re: Disabling for FIPS mode, take 2

2004-07-06 Thread Dr. Stephen Henson
On Tue, Jul 06, 2004, Marquess, Steve Mr JMLFDC wrote: > On Friday, July 02, 2004 4:52 PM Dr. Stephen Henson wrote: > > >OpenSSL already supports various private key formats which only use FIPS > >approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one > >solution is to just

RE: Disabling for FIPS mode, take 2

2004-07-06 Thread Marquess, Steve Mr JMLFDC
On Tuesday, July 06, 2004 Dr. Stephen Henson wrote: >> I was able to convert OpenSSH PEM format keys to PKCS#8 easily enough using >> openssl pkcs8, but how do I convert the PKCS#8 back to the original format? >> > >Well the first way is to do noth