Your first question should be presented to the Python developers that provide support for OpenSSL. They would be the user of the OpenSSL API. I'm not a Python expert, but somewhere they would have a native layer that leverages the OpenSSL API. This native layer code would need to invoke FIPS_mode_set(). The question is whether our not they expose a knob to the Python user layer to enable/disable FIPS. Maybe someone on this mailer happens to know the answer. If not, reach out to the Python developer community. Regarding your second question, FIPS_mode_set() needs to be invoked once within each process space. Therefore, if your Python code was all running in a single process space, then you'd only need to invoke it once. But if you're spawning multiple processes, then you'll need to invoke it whenever a new process was created. On 09/14/2015 03:51 PM, security veteran wrote: > Hi, > > I've built an openssl library with the FIPS objects modules, and I was > testing the new lib files by replacing the original library files such > as libcrypto.so with the new ones. > > From the FIPS user guide I understand that any applications which need > to use the OpenSSL FIPS modules will need to run the API FIPS_mode_set > to enable the FIPS mode. > > My question is, for the applications/ libraries like Python-openssl > which depends on the openssl libraries, how do I make the > Python-openssl module to run the FIPS_mode_set API, in order to > initialize/enable FIPS mode? > > Also, does the FIPS_mode_set API only need to be run once by one of > the applications/ libraries which use OpenSSL? > > Thanks for your helps! > > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150914/b5d7675d/attachment.html>
