Menu
▾
▴
Re: [Opensc-devel] mutual authentication fails when FIPS enabled
|
From: Petr P. <pet...@at...> - 2021-02-01 18:36:17
|
V Mon, Feb 01, 2021 at 12:39:30PM -0500, George napsal(a): > Hi, > > I had a closer look at this problem and confirmed that I have > successfully enabled FIPS in OpenSSL and am using the FIPS compliant > cipher suite TLS_RSA_WITH_AES_128_CBC_SHA. > (https://wiki.openssl.org/index.php/FIPS_mode_and_TLS#TLS_1.2) > That's a cipher suite for TLS (encrypted TCP). > However, LIBP11 still fails unless I make a modification to the source > code in p11_rsa.c. Does this mean there is indeed a bug in LIBP11? > I think that a mutual authentication in context of libp11 means a "secure" authentication of a user to a cryptographic card instead of sending a PIN in a "plain" text between the user and the card. I saw a few hints that there is used a MD5-based HMAC. And that probably triggers your issue. -- Petr |
