Implement FIPS_mode and FIPS_mode_set
[openssl.git] / ssl / ssl_lib.c
index 3f60ab1..77b5b5e 100644 (file)
@@ -1660,6 +1660,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
                return(NULL);
                }
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && (meth->version < TLS1_VERSION))      
+               {
+               SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+               return NULL;
+               }
+#endif
+
        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
                {
                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);