[openssl-users] Enforcing FIPS via Cipher Suites Declaration

Lesley Kimmel lesley.j.kimmel at gmail.com
Thu Feb 4 15:13:01 UTC 2016


I'm working with PosgreSQL in a DoD environment and am supposed to enforce
FIPS operation. PostgreSQL doesn't perform a call to FIP_mode_set() but
does provide a configuration item 'ssl_ciphers'. Is there more to FIPS_mode
than I am aware of or would it be functionally equivalent to simply set my
ciphers to something like 'FIPS:!aNULL:!eNULL'?

As a semi-related question, would a non-FIPS OpenSSL installation still
enforce the same cipher suites but just not be 'officially' validated?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160204/975db552/attachment.html>

More information about the openssl-users mailing list