RE: OpenSSL in FIPS mode, does FIPS mode provide any extra set of ciphersuites?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks for your answer, it clears up a path for me.

Basically, when I build my code against OpenSSL library running with version 2.0 FIPS enabled, my code would work fine on systems running with same OpenSSL library version but non-fips mode.
 

$> openssl version

OpenSSL 1.0.2k-fips  26 Jan 2017

 
>FIPS ciphers are a subset of the ciphers that OpenSSL supports.
Is this true of both OpenSSL 2.0 FIPS version and OpenSSL 3.0 FIPS version. (I suppose yes). But still your confirmation will be helpful. 

Also, current version is considered outdated, even before new version is ready. 
 
Prashant
 
 
----- Original message -----
From: "Salz, Rich" <rsalz@xxxxxxxxxx>
To: Prashant Sharma31 <prashsh1@xxxxxxxxxx>, "openssl-users@xxxxxxxxxxx" <openssl-users@xxxxxxxxxxx>, Mei-Mei Fu <mfu@xxxxxxxxxx>
Cc:
Subject: [EXTERNAL] Re: OpenSSL in FIPS mode, does FIPS mode provide any extra set of ciphersuites?
Date: Thu, May 28, 2020 8:16 PM
 

Are you asking about the current (outdated) 2.0 module or the 3.0 module that is still being developed?

In 2.0, once you enter FIPS mode you cannot leave it.  In 3.0 you can switch among FIPS and non-FIPS as you need to.  See https://www.openssl.org/docs/OpenSSL300Design.html for a description of 3.0

 

FIPS ciphers are a subset of the ciphers that OpenSSL supports.

 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux