Commit Graph

14 Commits (bfdbb139b4fc306a5b04e806f8124bee6851c5d9)

Author SHA1 Message Date
Dmitry Belyavskiy 477d91adec Rebasing to OpenSSL 3.0.7
2 years ago
Dmitry Belyavskiy f4e1bded66 Improve diagnostics when passing unsupported groups in TLS
2 years ago
Dmitry Belyavskiy 8638196167 Ciphersuites with RSAPSK KX should be filterd in FIPS mode
2 years ago
Dmitry Belyavskiy b5de6bd830 In FIPS mode limit key sizes for signature verification
3 years ago
Dmitry Belyavskiy 7bc4f9f094 Ciphersuites with RSA KX should be filterd in FIPS mode
3 years ago
Dmitry Belyavskiy b393177f7d `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
3 years ago
Dmitry Belyavskiy 69c1abb4df openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
3 years ago
Dmitry Belyavskiy 1b2d08b2c2 Adaptation of upstream patches disabling explicit EC parameters in FIPS mode
3 years ago
Dmitry Belyavskiy ad863e9fc8 OpenSSL FIPS module should not build in non-approved algorithms
3 years ago
Dmitry Belyavskiy 02c75e5a65 We dont'want totally forbid RSA encryption.
3 years ago
Dmitry Belyavskiy 7a1c7b28bc FIPS provider doesn't block RSA encryption for key transport
3 years ago
Dmitry Belyavskiy 922b5301ea Adjust FIPS provider version
3 years ago
Dmitry Belyavskiy d237e7f301 Restoring fips=yes to SHA-1
3 years ago
Dmitry Belyavskiy cc37486d86 Minimize the list of services allowed for FIPS
3 years ago