[openssl-users] Runtime list of FIPS ciphers
Dr. Stephen Henson
steve at openssl.org
Fri Mar 20 17:43:25 UTC 2015
On Fri, Mar 20, 2015, jonetsu wrote:
> > From: "Dr. Stephen Henson" <steve at openssl.org>
> > Date: 03/20/15 12:48
> > OPENSSL_FIPS=1 openssl ciphers -v
> > openssl ciphers -v FIPS
> Thanks, this works great, on the workstation where I have installed at default development location /usr/loca/ssl/, using OpenSSL 1.0.1.k.
> However, we have built Debian packages for the target unit, using 1.0.1e. While the example fips_hmac runs fine, we have a problem with openssl itself, which seems to be that the openssl shared object is somehow not FIPS enabled, or, is 1.0.1e lacking in any respect to FIPS mode ? :
Some of the apps used to default to SSLv3 if OpenSSL was compiled with
no-ssl2. This is fixed in later versions of OpenSSL. Try manually adding the
-tls1 option to the ciphers command.
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users