Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssl 1.0.2 fips: unexpected failure with 512 bit RSA #4651

Closed
jmayclin opened this issue Jul 16, 2024 · 0 comments · Fixed by #4654
Closed

openssl 1.0.2 fips: unexpected failure with 512 bit RSA #4651

jmayclin opened this issue Jul 16, 2024 · 0 comments · Fixed by #4654
Assignees
@jouho
Labels
priority/medium Rank 3 s2n-core team size/small

Comments

@jmayclin
Copy link
Contributor

Problem:

In #4612 there was an unexpected failure when attempting to use 512 bit RSA certs with OpenSSL 1.0.2 FIPS. We did not see this failure in any of the other libcryptos that we use.

While no one should be using 512 bit RSA certs, it would still be valuable to understand and document why OpenSSL 1.0.2 FIPs behaves this particular way.

Requirements/Acceptance Criteria

We should be able to explain why this failed for OpenSSL 1.0.2 FIPs only, and then document that knowledge.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jouho jouho

Labels
priority/medium Rank 3 s2n-core team size/small
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: document OpenSSL-FIPS restriction on RSA key size aws/s2n-tls
4 participants
@goatgoose @jmayclin @jouho @WesleyRosenblum