[openssl-users] Runtime list of FIPS ciphers
jonetsu
jonetsu at teksavvy.com
Fri Mar 20 17:25:06 UTC 2015
> From: "Dr. Stephen Henson" <steve at openssl.org>
> Date: 03/20/15 12:48
> OPENSSL_FIPS=1 openssl ciphers -v
> openssl ciphers -v FIPS
Thanks, this works great on the workstation where I have installed it at the default development location /usr/local/ssl/, using OpenSSL 1.0.1.k.
However, we have built Debian packages for the target unit, using 1.0.1e. While the example fips_hmac runs fine, we have a problem with openssl itself, which seems to be that the openssl shared object is somehow not FIPS enabled, or is 1.0.1e lacking in any respect to FIPS mode?
% ./fips_hmac -v gcrypt_pkglist
FIPS mode enabled
ret: 1
51dedc633485ccb55f4624763e9d118d6df15b3c
% OPENSSL_FIPS=1 openssl ciphers -v
3069818064:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1729:
% ldd fips_hmac
libcrypto.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6dbc000)
% ldd /usr/bin/openssl
libssl.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libssl.so.1.0.0 (0xb6f5e000)
libcrypto.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6e03000)
% openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013