From: Dr. Stephen Henson Date: Wed, 6 Nov 2013 14:38:28 +0000 (+0000) Subject: Enable PSK in FIPS mode. X-Git-Tag: master-post-reformat~1094 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e0ffd129c16af90eb5e2ce54e57832c0046d1aaf;p=oweals%2Fopenssl.git Enable PSK in FIPS mode. Enable PSK ciphersuites with AES or DES3 in FIPS mode. --- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 618f53d73d..220533734a 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1678,7 +1678,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AES128, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, @@ -1710,7 +1710,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AES256, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256,