From ea717df2f3c9582198e1e40e6d5a566a33974039 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Tue, 15 Apr 2014 19:42:56 +0000
Subject: remove FIPS mode support. people who require FIPS can buy something that meets their needs, but dumping it in here only penalizes the rest of us. ok miod
---
 src/lib/libssl/ssl_ciph.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
(limited to 'src/lib/libssl/ssl_ciph.c')
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index ed2e78bdcc..ed5ac725a2 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -617,11 +617,6 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 s->ssl_version < TLS1_VERSION)
 return 1;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return 1;
-#endif
-
 if (c->algorithm_enc == SSL_RC4 &&
 c->algorithm_mac == SSL_MD5 &&
 (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
@@ -798,9 +793,6 @@ CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
 c = ssl_method->get_cipher(i);
 /* drop those that use any of that is not available */
 if ((c != NULL) && c->valid &&
-#ifdef OPENSSL_FIPS
- (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
-#endif
 !(c->algorithm_mkey & disabled_mkey) &&
 !(c->algorithm_auth & disabled_auth) &&
 !(c->algorithm_enc & disabled_enc) &&
@@ -1461,12 +1453,7 @@ const char *rule_str)
 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
 */
 for (curr = head; curr != NULL; curr = curr->next) {
-#ifdef OPENSSL_FIPS
- if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
- if (curr->active)
-#endif
- {
+ if (curr->active) {
 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
 #ifdef CIPHER_DEBUG
 printf("<%s>\n", curr->cipher->name);
-- 
cgit v1.2.3-55-g6feb
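Review bot: In the last hunk (`@@ -1461,12 +1453,7 @@`), the simplified `if (curr->active) {` branch still calls `sk_SSL_CIPHER_push(cipherstack, curr->cipher);` without checking its result. If the push fails on allocation, that cipher is silently left out of the resulting stack, so the effective cipher list can differ from what the rule string asked for with no error reported. The branch should test the return, e.g. `if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {`, and take the function's failure path. The cleanup that path needs is in code outside this hunk, so it is not spelled out here.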