[openssl-users] How do I verify the FIPS mode
cloud.force858 at gmail.com
Wed Feb 10 20:27:50 UTC 2016
Thanks Lesley and Steve for the answers.
On Wed, Feb 10, 2016 at 12:02 PM, Steve Marquess <marquess at openssl.com>
> On 02/10/2016 02:56 PM, Lesley Kimmel wrote:
> > Actuall, I may have steered you wrong. It appears that OPENSSL_FIPS may
> > have no affect against a non-FIPS enabled OpenSSL. According to some
> > posts you can do 'OPENSSL_FIPS=1 openssl md5' which should return an
> > error as md5 is not an enabled cipher in FIPS mode.
> It depends on the version. Recent versions of OpenSSL will give a "FIPS
> mode not supported" error for
> env OPENSSL_FIPS=1 openssl md5 ...
> Whereas that command for a properly built FIPS-enabled OpenSSL will give
> a "not permitted in FIPS mode" error.
> -Steve M.
> Steve Marquess
> OpenSSL Validation Services, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marquess at openssl.com
> gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users