[openssl-users] Enforcing FIPS via Cipher Suites Declaration
lesley.j.kimmel at gmail.com
Thu Feb 4 15:13:01 UTC 2016
I'm working with PosgreSQL in a DoD environment and am supposed to enforce
FIPS operation. PostgreSQL doesn't perform a call to FIP_mode_set() but
does provide a configuration item 'ssl_ciphers'. Is there more to FIPS_mode
than I am aware of or would it be functionally equivalent to simply set my
ciphers to something like 'FIPS:!aNULL:!eNULL'?
As a semi-related question, would a non-FIPS OpenSSL installation still
enforce the same cipher suites but just not be 'officially' validated?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users