[openssl-users] Runtime list of FIPS ciphers

jonetsu jonetsu at teksavvy.com
Fri Mar 20 17:25:06 UTC 2015

> From: "Dr. Stephen Henson" <steve at openssl.org> 
> Date: 03/20/15 12:48 
>      OPENSSL_FIPS=1 openssl ciphers -v
>      openssl ciphers -v FIPS

Thanks, this works great, on the workstation where I have installed at default development location /usr/loca/ssl/, using OpenSSL 1.0.1.k.  

However, we have built Debian packages for the target unit, using 1.0.1e.  While the example fips_hmac runs fine, we have a problem with openssl itself, which seems to be that the openssl shared object is somehow not FIPS enabled, or, is 1.0.1e lacking in any respect to FIPS mode ? :

% ./fips_hmac -v gcrypt_pkglist

 FIPS mode enabled
 ret: 1

% OPENSSL_FIPS=1 openssl ciphers -v

 3069818064:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1729:

% ldd fips_hmac

 libcrypto.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6dbc000)

% ldd /usr/bin/openssl

 libssl.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libssl.so.1.0.0 (0xb6f5e000)
 libcrypto.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6e03000)

% openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013


More information about the openssl-users mailing list