[openssl-users] FIPS mode on Windows

Alessandro Gherardi alessandro.gherardi at yahoo.com
Fri Sep 7 14:18:48 UTC 2018

 Thank you for your reply.
Looking at the OpenSSL FIPS Security Policy https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1747.pdf, I see the following statement:
"The Module requires an initialization sequence (see IG 9.5): the calling application invokes FIPS_mode_set(), which returns a “1” for success and “0” for failure.  If FIPS_mode_set() fails then all cryptographic services fail from then on.  The application can test to see if FIPS  mode has been successfully performed."
Therefore, for OpenSSL to switch to FIPS mode, it is required that the application call FIPS_mode_set(1).
Can you please confirm that my understanding is now correct?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180907/5c42b9dd/attachment.html>

More information about the openssl-users mailing list