I asked this question from a different thread, but thought it may be the best to start a new thread to discuss this question since it sounds like a big deal to me. I've built an openssl library with the FIPS objects modules, and I was testing the new lib files by replacing the original library files such as libcrypto.so with the new ones. >From the FIPS user guide I understand that any applications which need to use the OpenSSL FIPS modules will need to run the API FIPS_mode_set to enable the FIPS mode. This sounds like a big issue to me: there are may other libraries/ services which depends on OpenSSL. For example, Python, Apache, PostgreSQL, etc. If the *FIPS_mode_set *API needs to be invoked in order to enable the FIPS mode, how can we make third party library/ services like Python and Apache to invoke this API? Is there any other way to make the FIPS mode always enabled? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150914/7111d969/attachment.html>
