Thanks Lesley and Steve for the answers. Rich On Wed, Feb 10, 2016 at 12:02 PM, Steve Marquess <marquess at openssl.com> wrote: > On 02/10/2016 02:56 PM, Lesley Kimmel wrote: > > Actuall, I may have steered you wrong. It appears that OPENSSL_FIPS may > > have no affect against a non-FIPS enabled OpenSSL. According to some > > posts you can do 'OPENSSL_FIPS=1 openssl md5' which should return an > > error as md5 is not an enabled cipher in FIPS mode. > > It depends on the version. Recent versions of OpenSSL will give a "FIPS > mode not supported" error for > > env OPENSSL_FIPS=1 openssl md5 ... > > Whereas that command for a properly built FIPS-enabled OpenSSL will give > a "not permitted in FIPS mode" error. > > -Steve M. > > -- > Steve Marquess > OpenSSL Validation Services, Inc. > 1829 Mount Ephraim Road > Adamstown, MD 21710 > USA > +1 877 673 6775 s/b > +1 301 874 2571 direct > marquess at openssl.com > gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160210/719904e0/attachment.html>
