We are using OpenSSL 1.0.1e/FIPS 2.0.11 on CentOS6 x86_64 and I have a question about the TLS GCM Cipher suites -
Do the TLS GCM suites satisfy the requirements of Section 8 of SP 800-38D ?
If I am reading the document right, the following are the requirements therein.
The probability that the authenticated encryption function ever will be invoked with the same IV and same key on two (or more) distinct sets of input data shall be no greater than 2-32.
Any GCM key that is established among its intended users shall, with high probability, be fresh.
The total number of invocations of the authenticated encryption function shall not exceed 232, including all IV lengths and all instances of the authenticated encryption function with the given key.