Static OpenSSL 3 library with FIPS

Matt Caswell matt at openssl.org
Fri Mar 25 20:22:02 UTC 2022



On 25/03/2022 18:33, Paul Spencer wrote:
> Q: Is it possible to have a static (.a) OpenSSL 3 library with FIPS support?
> 
> This was possible with OpenSSL 1.0.2 and the FIPS 2.0.x module (and 
> special linking in the Makefile). However, with SSL3, if I go
> 
> Configure no-module enable-fips
> 
> then it silently disables FIPS. Is there any way to do this?
> 

You can have a static libcrypto (.a) with a dynamically loaded FIPS 
module (i.e. using fips.so).

Configure no-shared enable-fips

You cannot have a statically linked FIPS module. It was a day 1 design 
decision that we would no longer support this.

Matt
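
Added example (not part of the reply above and not the OpenSSL project's own script): one way to script the layout described, a static libcrypto with fips.so loaded at run time, then confirm the provider actually loads. The prefix, the output file name openssl-fips.cnf and the function names are assumptions; the configuration sections follow the layout in OpenSSL's README-FIPS.

```shell
#!/bin/sh
# Added example: static libcrypto.a with a runtime-loaded fips.so.
set -eu
PREFIX="${PREFIX:-/opt/openssl-3}"   # assumed install prefix

# Static libcrypto/libssl; the FIPS provider is still built as a
# loadable module (fips.so), as the reply describes.
build_openssl() {
    ./Configure no-shared enable-fips --prefix="$PREFIX" --openssldir="$PREFIX/ssl"
    make
    make install   # with enable-fips this also installs fips.so and fipsmodule.cnf
}

# Write an openssl.cnf that activates the fips and base providers.
# $1 = absolute path to fipsmodule.cnf, $2 = output file
write_fips_conf() {
    cat > "$2" <<EOF
config_diagnostics = 1
openssl_conf = openssl_init
.include $1

[openssl_init]
providers = provider_sect
alg_section = algorithm_sect

[provider_sect]
fips = fips_sect
base = base_sect

[base_sect]
activate = 1

[algorithm_sect]
default_properties = fips=yes
EOF
}

# Succeeds only if the statically linked openssl binary loaded fips.so.
verify_fips() {
    OPENSSL_CONF="$1" "$PREFIX/bin/openssl" list -providers |
        grep -q 'OpenSSL FIPS Provider'
}

# Run the whole procedure only when asked to: ./static-fips.sh run
if [ "${1:-}" = "run" ]; then
    build_openssl
    write_fips_conf "$PREFIX/ssl/fipsmodule.cnf" "$PREFIX/ssl/openssl-fips.cnf"
    verify_fips "$PREFIX/ssl/openssl-fips.cnf" && echo "FIPS provider active"
fi
```

With config_diagnostics = 1, a missing or unloadable fips.so becomes a hard configuration error rather than a quiet fallback to non-FIPS algorithms.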

