[openssl-users] Enable FIPS mode of OpenSSL by changing the configuration file, will it work for Python as well?

security veteran security.veteran at gmail.com
Wed Sep 16 23:09:46 UTC 2015

Hi All:

I tried to enable the FIPS mode by making the following changes in my
openssl.cfg config file.

After making the changes, I verified that I can no longer run the non FIPS
approval algorithm such as MD5 by running openssl command, which is

openssl md5 123.txt

However, I can still use Python hashlib.md5() function to generate MD5 hash.

Does anyone know should the FIPS mode work for Python as well? My
understanding is Python SSL module also use openssl underneath, so ideally
the FIPS mode should have impacted my Python as well.

Thanks and any suggestions are greatly appreciated.

 # Default appname: should match "appname" parameter (if any)
 # supplied to CONF_modules_load_file et al.
openssl_conf = openssl_conf_section

 # Configuration module list
alg_section = evp_sect

 # Set to "yes" to enter FIPS mode if supported
fips_mode = yes

[ new_oids ]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150916/fae3ff9a/attachment.html>

More information about the openssl-users mailing list