> From: "Dr. Stephen Henson" <steve at openssl.org> > Date: 03/20/15 12:48 ? > ?????OPENSSL_FIPS=1 openssl ciphers -v > ?????openssl ciphers -v FIPS Thanks, this works great, on the workstation where I have installed at default development location /usr/loca/ssl/, using OpenSSL 1.0.1.k.? However, we have built Debian packages for the target unit, using 1.0.1e.? While the example fips_hmac runs fine, we have a problem with openssl itself, which seems to be that the openssl shared object is somehow not FIPS enabled, or, is 1.0.1e lacking in any respect to FIPS mode ? : % ./fips_hmac -v gcrypt_pkglist ?FIPS mode enabled ?ret: 1 ?51dedc633485ccb55f4624763e9d118d6df15b3c % OPENSSL_FIPS=1 openssl ciphers -v ?3069818064:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1729: % ldd fips_hmac ?libcrypto.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6dbc000) % ldd /usr/bin/openssl ?libssl.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libssl.so.1.0.0 (0xb6f5e000) ?libcrypto.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6e03000) % openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
