FIPS Non­-Approved Cryptographic Functions

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

FIPS Non­-Approved Cryptographic Functions

Alan Dean
Hi All:

From the OpenSSL FIPS Security Policy chapter 4, it mentioned there are a number of non-FIPS approved algorithms/ services which are still implemented by the FIPS canister modules (e.g. RSA, DSA, DRDB, ECDSA etc).

Just wondering why these algorithms are still implemented by FIPS Canister. 

The concern is, if these algorithms could still be used under FIPS mode, there is risk that the applications which use the FIPS canister modules may become non-FIPS compliant if these algorithms are used by mistake.

Is my understanding correct and in that case is there a way to disable these non-FIPS approved algorithms?

Thanks.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users