SSLv3 handshake with openssl-1.0.2-fips

[lrstewart]

Problem:

If you attempt to perform an SSLv3 handshake with openssl-1.0.2-fips, it will fail with errors not obviously related to SSLv3 not being allowed by FIPS. The first error is because we're not enabling MD5 right, but when I fixed that there were others.

Solution:

If FIPS is controlled by security policies, then openssl-1.0.2-fips should be able to do SSLv3 and we should fix the handshake. You can do an SSLv3 handshake with awslc-fips.
If not, then we should probably simply error if SSLv3 is negotiated with openssl-1.0.2-fips, rather than trying to perform the handshake and failing later. The error should make it clear that FIPS+SSLv3 is the problem.

• Does this change what S2N sends over the wire? If yes, explain.
• Does this change any public APIs? If yes, explain.
• Which versions of TLS will this impact?

Requirements / Acceptance Criteria:

What must a solution address in order to solve the problem? How do we know the solution is complete?

• RFC links: Links to relevant RFC(s)
• Related Issues: Link any relevant issues
• Will the Usage Guide or other documentation need to be updated?
• Testing: How will this change be tested? Call out new integration tests, functional tests, or particularly interesting/important unit tests.
  • Will this change trigger SAW changes? Changes to the state machine, the s2n_handshake_io code that controls state transitions, the DRBG, or the corking/uncorking logic could trigger SAW failures.
  • Should this change be fuzz tested? Will it handle untrusted input? Create a separate issue to track the fuzzing work.

Out of scope:

Is there anything the solution will intentionally NOT address?