Enable FIPS mode of OpenSSL by changing the configuration file, will it work for Python as well?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi All:

I tried to enable the FIPS mode by making the following changes in my
openssl.cfg config file.

After making the changes, I verified that I can no longer run the non FIPS
approval algorithm such as MD5 by running openssl command, which is
expected:

openssl md5 123.txt


However, I can still use Python hashlib.md5() function to generate MD5 hash.

Does anyone know should the FIPS mode work for Python as well? My
understanding is Python SSL module also use openssl underneath, so ideally
the FIPS mode should have impacted my Python as well.

Thanks and any suggestions are greatly appreciated.


..........
 # Default appname: should match "appname" parameter (if any)
 # supplied to CONF_modules_load_file et al.
openssl_conf = openssl_conf_section

[openssl_conf_section]
 # Configuration module list
alg_section = evp_sect

[evp_sect]
 # Set to "yes" to enter FIPS mode if supported
fips_mode = yes


[ new_oids ]
.................
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150916/fae3ff9a/attachment.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux