Re: /proc/sys/crypto/fips_enabled=1 is this enough to make OpenSSL to change its mode to FIPS?

On 05/12/2017 05:17 PM, Hareesh Joshi wrote:
> Hi,
> 
> I've a CentOS machine with 
>    1. FIPS capable OpenSSL module installed
>    2. Kernel switched to FIPS with /proc/sys/crypto/fips_enabled=1
> 
> Will this make OpenSSL switch to FIPS mode as well? Or do I
> necessarily need to use OPENSSL_FIPS=1?
> 

OpenSSL and the OpenSSL FIPS Object Module ignore
/proc/sys/crypto/fips_enabled; that is presumably used by the Red Hat
modified version of OpenSSL.  You'll need to check with them about how
that behaves.

For a genuine FIPS capable OpenSSL you want to use FIPS_mode_set(); see
the FIPS module user guide at
https://www.openssl.org/docs/fips/UserGuide-2.0.pdf and/or the wiki at
https://wiki.openssl.org/.

-Steve M.

-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 301 874 2571
marquess@xxxxxxxxxxx
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
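
The point made in the reply above, as an added example that is not part of the original message or OpenSSL project code: a stand-alone C checker that reads the kernel flag and, separately, calls FIPS_mode_set(1) in libcrypto, resolving the symbol with dlsym() so it also reports cleanly on a libcrypto that lacks it. The soname libcrypto.so.10, the function names and the fail-closed policy in must_refuse() are assumptions of this example.

```c
/* Added example: stand-alone checker, not OpenSSL project code. */
#include <dlfcn.h>
#include <stdio.h>

/* Kernel flag: 1 = FIPS on, 0 = off, -1 = unreadable or unexpected. */
int kernel_fips_flag(const char *path)
{
    FILE *f = fopen(path, "r");
    int c;
    if (f == NULL)
        return -1;
    c = fgetc(f);
    fclose(f);
    return c == '1' ? 1 : c == '0' ? 0 : -1;
}

/* Call FIPS_mode_set(on) in the libcrypto named by `lib`.
 * Returns its result (1 = mode changed, 0 = refused),
 * or -1 if the library or the symbol cannot be loaded. */
int openssl_fips_mode_set(const char *lib, int on)
{
    int (*set_mode)(int) = NULL;
    void *h = dlopen(lib, RTLD_NOW);
    if (h == NULL)
        return -1;
    *(void **)(&set_mode) = dlsym(h, "FIPS_mode_set");
    if (set_mode == NULL) {
        dlclose(h);
        return -1;
    }
    /* Handle stays open: the FIPS mode is state inside libcrypto. */
    return set_mode(on);
}

/* Assumed site policy (not OpenSSL behaviour): when the kernel is in
 * FIPS mode, refuse to run unless OpenSSL entered FIPS mode too. */
int must_refuse(int kernel_flag, int set_result)
{
    return kernel_flag == 1 && set_result != 1;
}

int main(int argc, char **argv)
{
    /* Assumed soname; pass your libcrypto path as argv[1]. */
    const char *lib = argc > 1 ? argv[1] : "libcrypto.so.10";
    int k = kernel_fips_flag("/proc/sys/crypto/fips_enabled");
    int s = openssl_fips_mode_set(lib, 1);
    printf("kernel fips_enabled=%d, FIPS_mode_set(1)=%d\n", k, s);
    return must_refuse(k, s);
}
```

On glibc older than 2.34, link with -ldl.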