[openssl-users] How do I verify the FIPS mode

Lesley Kimmel lesley.j.kimmel at gmail.com
Wed Feb 10 19:56:56 UTC 2016


Actuall, I may have steered you wrong. It appears that OPENSSL_FIPS may
have no affect against a non-FIPS enabled OpenSSL. According to some posts
you can do 'OPENSSL_FIPS=1 openssl md5' which should return an error as md5
is not an enabled cipher in FIPS mode.

On Wed, Feb 10, 2016 at 1:49 PM, Lesley Kimmel <lesley.j.kimmel at gmail.com>
wrote:

> I think you can run 'OPENSSL_FIPS=1 openssl ciphers -v'. I believe that
> if, FIPS is compiled in properly you should get output. Otherwise an error
> should occur.
>
> On Wed, Feb 10, 2016 at 1:41 PM, cloud force <cloud.force858 at gmail.com>
> wrote:
>
>> Hi everyone,
>>
>> I built and installed the FIPS capable OpenSSL lib on my system, and I
>> was wondering what's the easiest way to find out whether my OpenSSL is
>> really FIPS capable or not.
>>
>> e.g. is there any way to run some openssl commands to find out, such as
>> "openssl ciphers -v", and what cipher suite should definitely not show up
>> in FIPS mode.
>>
>> Thanks,
>> Rich
>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160210/237c71ea/attachment.html>


More information about the openssl-users mailing list