OpenSSL 3.0.0 FIPS compatible ECDH-KAS

Kory Hamzeh kory at avatarci.com
Wed Sep 22 17:44:30 UTC 2021


I have an OpenSSL app which performs ECDH-KAS using openssl-1.0.1g + openssl-fips-2.0.5. It needs to be FIPS compatible. The app was written using the low-level ECDH functions, similar to what is documented here:

https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman#Using_the_Low_Level_APIs

According to the OpenSSL 3.0.0 Wiki, I MUST rewrite my code to use the high-level EVP functions if I want FIPS compatibility. If so, I was going to follow the EVP example at the top of the same URL above.

However, I can use some help. Using the EVP example on that page, when and which methods do I need to fetch? If I just add this at the top:

  EVP_set_default_properties(NULL, "fips=yes");

will that be enough?

Thanks,
Kory





