OpenSSL FIPS mode for libcurl

Dipak B deepak.redmi2 at gmail.com
Tue Aug 13 06:48:54 UTC 2019


Hi,

I am able to run an application using libcurl which in turn uses OpenSSL in
FIPS mode with following configuration

Help requested
Need opinion from seniors who know OpenSSL and libcurl codebase if
following is good from conceptual perspective with respect to OpenSSL,
libcurl.

a) Built static libcurl using 'FIPS capable OpenSSL'. These OpenSSL libs
were generated earlier as static libraries.

b) In my application, called SSL_Library_Init() followed by FIPS_mode_set()
and other APIs to confirm that FIPS mode is on.

c) Added curl API to do http post using the easy interface.

d) Built my application by linking to static libcurl.lib in point (a) and
static FIPS capable OpenSSL .libs.

3) Wireshark shows +be result.

Questions -

Q1) Conceptually, can libcurl work using the CipherSuites selected by FIPS
capable OpenSSL in the above example?

Thus, can we say that libcurl will always be using CipherSuites selected by
the FIPS capable OpenSSL and thus is FIPS compliant.?


Q2) Or are changes to libcurl source code an absolute must to run it in
FIPS compliant mode for above configuration.

Appreciate all inputs.
Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190813/bf2dcd77/attachment.html>


More information about the openssl-users mailing list