[openssl-users] How to enable FIPS mode by default of the OpenSSL FIPS modules
security veteran
security.veteran at gmail.com
Mon Sep 14 21:21:36 UTC 2015
I asked this question from a different thread, but thought it may be the
best to start a new thread to discuss this question since it sounds like a
big deal to me.
I've built an openssl library with the FIPS objects modules, and I was
testing the new lib files by replacing the original library files such
as libcrypto.so with the new ones.
>From the FIPS user guide I understand that any applications which need
to use the OpenSSL FIPS modules will need to run the API FIPS_mode_set
to enable the FIPS mode.
This sounds like a big issue to me: there are may other libraries/
services which depends on OpenSSL. For example, Python, Apache,
PostgreSQL, etc.
If the *FIPS_mode_set *API needs to be invoked in order to enable the
FIPS mode, how can we make third party library/ services like Python
and Apache to invoke this API?
Is there any other way to make the FIPS mode always enabled?
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150914/7111d969/attachment.html>
More information about the openssl-users
mailing list