Actuall, I may have steered you wrong. It appears that OPENSSL_FIPS may have no affect against a non-FIPS enabled OpenSSL. According to some posts you can do 'OPENSSL_FIPS=1 openssl md5' which should return an error as md5 is not an enabled cipher in FIPS mode. On Wed, Feb 10, 2016 at 1:49 PM, Lesley Kimmel <lesley.j.kimmel at gmail.com> wrote: > I think you can run 'OPENSSL_FIPS=1 openssl ciphers -v'. I believe that > if, FIPS is compiled in properly you should get output. Otherwise an error > should occur. > > On Wed, Feb 10, 2016 at 1:41 PM, cloud force <cloud.force858 at gmail.com> > wrote: > >> Hi everyone, >> >> I built and installed the FIPS capable OpenSSL lib on my system, and I >> was wondering what's the easiest way to find out whether my OpenSSL is >> really FIPS capable or not. >> >> e.g. is there any way to run some openssl commands to find out, such as >> "openssl ciphers -v", and what cipher suite should definitely not show up >> in FIPS mode. >> >> Thanks, >> Rich >> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160210/237c71ea/attachment.html>
