[openssl-users] FIPS mode on Windows
Hubert Kario
hkario at redhat.com
Fri Sep 7 12:59:00 UTC 2018
On Thursday, 6 September 2018 04:18:38 CEST Alessandro Gherardi via openssl-
users wrote:
> I have a question: On Windows, should OpenSSL FIPS automatically enable FIPS
> mode (FIPS_mode_set(1)) if the FIPS registry
> entry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithm
> Policy\Enabled is set to 1?
>
> This is to emulate the Linux behavior - if I understand correctly, if Linux
> is configured for FIPS mode, OpenSSL automatically enables FIPS mode.
> Thanks in advance,Alessandro
putting Linux kernel to fips mode (adding `fips=1` to kernel command line) not
necessarily puts the whole system (and thus OpenSSL) into fips mode
please check the module's Security Policy on the NIST Cryptographic Module
Validation Program website to find the authoritative instructions on how to
ensure FIPS mandated behaviour of the module
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180907/7ca62123/attachment.sig>
More information about the openssl-users
mailing list