Enable PSK in FIPS mode.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 6 Nov 2013 14:38:28 +0000 (14:38 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 6 Nov 2013 14:38:28 +0000 (14:38 +0000)
Enable PSK ciphersuites with AES or DES3 in FIPS mode.

ssl/s3_lib.c

index 618f53d..2205337 100644 (file)
@@ -1678,7 +1678,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
@@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
@@ -1710,7 +1710,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,