Question about SSL key size in FIPS mode

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about SSL key size in FIPS mode

Ernie Kovak
Hello -

I just ran into a problem with a BCFIPS SSL client where it failed to establish the connection because the server and CA certificates' keys are 4096 bits long (and, btw, it was NOT easy to get a meaningful error message). The BCFIPS security policy states the only valid RSA key lengths are 2048 and 3072, and a 4096-bit key can be used only for signature verification.

But I don't see anything in the FIPS implementor's guide that would disallow 4096-bit keys. Can you help me to understand that?

I'm using bcfips-101 and bctls-fips-104's BouncyCastleJsseProvider("fips:BCFIPS") provider.

Thanks -
Ernie
Reply | Threaded
Open this post in threaded view
|

Re: Question about SSL key size in FIPS mode

David Hook-3

NIST released updated guidance early last year lifting the restriction on RSA key sizes. Prior to that the restrictions were based on what was in FIPS PUB 186-4. Unfortunately 1.0.1 had already been submitted when the restriction was lifted. 1.0.2 (now in betas) has the restriction lifted in it.

Regards,

David

On 11/08/18 05:54, Ernie Kovak wrote:
Hello -

I just ran into a problem with a BCFIPS SSL client where it failed to establish the connection because the server and CA certificates' keys are 4096 bits long (and, btw, it was NOT easy to get a meaningful error message). The BCFIPS security policy states the only valid RSA key lengths are 2048 and 3072, and a 4096-bit key can be used only for signature verification.

But I don't see anything in the FIPS implementor's guide that would disallow 4096-bit keys. Can you help me to understand that?

I'm using bcfips-101 and bctls-fips-104's BouncyCastleJsseProvider("fips:BCFIPS") provider.

Thanks -
Ernie