[openssl-users] How to enable FIPS mode by default of the OpenSSL FIPS modules

security veteran security.veteran at gmail.com
Mon Sep 14 21:21:36 UTC 2015

I asked this question from a different thread, but thought it may be the
best to start a new thread to discuss this question since it sounds like a
big deal to me.

I've built an openssl library with the FIPS objects modules, and I was
testing the new lib files by replacing the original library files such
as libcrypto.so with the new ones.

>From the FIPS user guide I understand that any applications which need
to use the OpenSSL FIPS modules will need to run the API FIPS_mode_set
to enable the FIPS mode.

This sounds like a big issue to me: there are may other libraries/
services which depends on OpenSSL. For example, Python, Apache,
PostgreSQL, etc.

If the *FIPS_mode_set *API needs to be invoked in order to enable the
FIPS mode, how can we make third party library/ services like Python
and Apache to invoke this API?

Is there any other way to make the FIPS mode always enabled?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150914/7111d969/attachment.html>

More information about the openssl-users mailing list