Q. Is there an openssl command to print the status of the fips enabled?

Jun Aruga jun.aruga at gmail.com
Thu Jul 27 14:50:28 UTC 2023

Hello openssl-users community,

I am curious to know if there is an `openssl` command to print the
status of the "default_properties = fips=yes" that is equivalent to
the C API `EVP_default_properties_is_fips_enabled` when running
OpenSSL with a FIPS OpenSSL configuration file below. Is there a
command for that?

$ cat openssl_fips.cnf
config_diagnostics = 1
openssl_conf = openssl_init

.include /home/jaruga/.local/openssl-3.2.0.dev-fips-debug-06a0d40322/ssl/fipsmodule.cnf

[openssl_init]
providers = provider_sect
alg_section = algorithm_sect

[provider_sect]
fips = fips_sect
base = base_sect

[base_sect]
activate = 1

[algorithm_sect]
default_properties = fips=yes

As a note, I found a command to print the list of the providers. That
is also important to know if the FIPS configuration is properly set.

$ OPENSSL_CONF=$(pwd)/openssl_fips.cnf \
  openssl list -providers
    name: OpenSSL Base Provider
    version: 3.2.0
    status: active
    name: OpenSSL FIPS Provider
    version: 3.2.0
    status: active

Thanks for your help!
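
The following is an added example, not part of the original post and not OpenSSL project code: a static audit of a configuration file like the one above, reporting whether the FIPS provider section is activated and whether `fips=yes` is a mandatory default property. It reads only the file, so it does not replace the runtime answer of `EVP_default_properties_is_fips_enabled`; the `[fips_sect]` stand-in, the accepted `activate` values and the simplified property matching are assumptions.

```python
import re

# Constructed sample: the config from the post, with a minimal stand-in for
# the [fips_sect] that the included fipsmodule.cnf normally provides.
SAMPLE_CNF = """\
config_diagnostics = 1
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
alg_section = algorithm_sect
[provider_sect]
fips = fips_sect
base = base_sect
[base_sect]
activate = 1
[fips_sect]
activate = 1
[algorithm_sect]
default_properties = fips=yes
"""

def parse_cnf(text):
    """Parse OpenSSL config text into {section: {key: value}}."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("."):     # blank, or .include/.pragma (not followed here)
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def fips_status(text):
    """Return (fips_provider_activated, fips_is_mandatory_default_property)."""
    cnf = parse_cnf(text)
    init = cnf.get(cnf["default"].get("openssl_conf", ""), {})
    providers = cnf.get(init.get("providers", ""), {})
    fips_sect = cnf.get(providers.get("fips", ""), {})
    # Assumption: these values count as "on"; an optional "?fips=yes" does not.
    activated = fips_sect.get("activate", "0").lower() in ("1", "yes", "true", "on")
    props = cnf.get(init.get("alg_section", ""), {}).get("default_properties", "")
    terms = [t.replace(" ", "") for t in props.split(",")]
    return activated, any(t in ("fips", "fips=yes") for t in terms)

if __name__ == "__main__":
    print(fips_status(SAMPLE_CNF))
```

Because `.include` lines are skipped, concatenate the included `fipsmodule.cnf` into the text before passing a real file to `fips_status`.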


