On Thursday, 6 September 2018 04:18:38 CEST Alessandro Gherardi via openssl- users wrote: > I have a question: On Windows, should OpenSSL FIPS automatically enable FIPS > mode (FIPS_mode_set(1)) if the FIPS registry > entry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithm > Policy\Enabled is set to 1? > > This is to emulate the Linux behavior - if I understand correctly, if Linux > is configured for FIPS mode, OpenSSL automatically enables FIPS mode. > Thanks in advance,Alessandro putting Linux kernel to fips mode (adding `fips=1` to kernel command line) not necessarily puts the whole system (and thus OpenSSL) into fips mode please check the module's Security Policy on the NIST Cryptographic Module Validation Program website to find the authoritative instructions on how to ensure FIPS mandated behaviour of the module -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
