[openssl-users] Runtime list of FIPS ciphers

Dr. Stephen Henson steve at openssl.org
Fri Mar 20 17:43:25 UTC 2015

On Fri, Mar 20, 2015, jonetsu wrote:

> > From: "Dr. Stephen Henson" <steve at openssl.org> 
> > Date: 03/20/15 12:48 
> >      OPENSSL_FIPS=1 openssl ciphers -v
> >      openssl ciphers -v FIPS
> Thanks, this works great, on the workstation where I have installed at default development location /usr/loca/ssl/, using OpenSSL 1.0.1.k.  
> However, we have built Debian packages for the target unit, using 1.0.1e.  While the example fips_hmac runs fine, we have a problem with openssl itself, which seems to be that the openssl shared object is somehow not FIPS enabled, or, is 1.0.1e lacking in any respect to FIPS mode ? :

Some of the apps used to default to SSLv3 if OpenSSL was compiled with
no-ssl2. This is fixed in later versions of OpenSSL. Try manually adding the
-tls1 option to the ciphers command.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list