Commit Graph

11 Commits (a63915eb2b7902c6b2fdb71de56c072b220be554)

Author SHA1 Message Date
Dmitry Belyavskiy b5de6bd830 In FIPS mode limit key sizes for signature verification
3 years ago
Dmitry Belyavskiy 7bc4f9f094 Ciphersuites with RSA KX should be filterd in FIPS mode
3 years ago
Dmitry Belyavskiy b393177f7d `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
3 years ago
Dmitry Belyavskiy 69c1abb4df openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
3 years ago
Dmitry Belyavskiy 1b2d08b2c2 Adaptation of upstream patches disabling explicit EC parameters in FIPS mode
3 years ago
Dmitry Belyavskiy ad863e9fc8 OpenSSL FIPS module should not build in non-approved algorithms
3 years ago
Dmitry Belyavskiy 02c75e5a65 We dont'want totally forbid RSA encryption.
3 years ago
Dmitry Belyavskiy 7a1c7b28bc FIPS provider doesn't block RSA encryption for key transport
3 years ago
Dmitry Belyavskiy 922b5301ea Adjust FIPS provider version
3 years ago
Dmitry Belyavskiy d237e7f301 Restoring fips=yes to SHA-1
3 years ago
Dmitry Belyavskiy cc37486d86 Minimize the list of services allowed for FIPS
3 years ago