[openssl-users] How do I verify the FIPS mode

cloud force cloud.force858 at gmail.com
Wed Feb 10 20:27:50 UTC 2016


Thanks Lesley and Steve for the answers.

Rich


On Wed, Feb 10, 2016 at 12:02 PM, Steve Marquess <marquess at openssl.com>
wrote:

> On 02/10/2016 02:56 PM, Lesley Kimmel wrote:
> > Actuall, I may have steered you wrong. It appears that OPENSSL_FIPS may
> > have no affect against a non-FIPS enabled OpenSSL. According to some
> > posts you can do 'OPENSSL_FIPS=1 openssl md5' which should return an
> > error as md5 is not an enabled cipher in FIPS mode.
>
> It depends on the version. Recent versions of OpenSSL will give a "FIPS
> mode not supported" error for
>
>   env OPENSSL_FIPS=1 openssl md5 ...
>
> Whereas that command for a properly built FIPS-enabled OpenSSL will give
> a "not permitted in FIPS mode" error.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Validation Services, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD  21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marquess at openssl.com
> gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160210/719904e0/attachment.html>


More information about the openssl-users mailing list