
Once I have the FIPS crypto built, how do I use OpenSSL so that all SSL crypto work is done using that FIPS crypto?


You have to specify a crypto suite that only contains DSA, 3DES, AES, DH, RSA, SHA-1/SHA-2. Those and DH are all that are currently implemented as FIPS modules. Applications do need minor modification to switch on FIPS mode (it is optional by design), and also typically to avoid using unapproved algorithms (which in general don’t work in FIPS mode). Consideration is being given to having it optionally (at build time, of course) start out switched on, but given that very few apps can actually run correctly in FIPS mode without some modification, the motivation for that is not huge.
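Added example, not part of the original answer and not OpenSSL's own code: the Python below checks a colon-separated OpenSSL cipher list against the algorithm list given in the answer and reports which suites fall outside it. The token-to-algorithm mapping, the set of ignored mode and key-size tokens, and the sample list are assumptions constructed for this example.

```python
import re

# Algorithms named in the answer above, keyed by the tokens OpenSSL uses for
# them in cipher suite names (the token mapping is this example's assumption).
APPROVED = {
    "DH": "DH", "DHE": "DH", "EDH": "DH",
    "RSA": "RSA", "DSS": "DSA",
    "3DES": "3DES",
    "AES": "AES", "AES128": "AES", "AES256": "AES",
    "SHA": "SHA-1", "SHA256": "SHA-2", "SHA384": "SHA-2",
}
# Protocol, mode and key-size tokens carry no algorithm of their own.
NEUTRAL = {"TLS", "GCM", "CBC", "CCM", "CCM8", "128", "256"}


def unlisted_tokens(suite):
    """Return the tokens of one suite name that are not on the answer's list."""
    # OpenSSL spells triple DES as DES-CBC3; fold it so plain DES stays distinct.
    name = suite.upper().replace("DES-CBC3", "3DES")
    tokens = [t for t in re.split(r"[-_]", name) if t]
    return [t for t in tokens if t not in APPROVED and t not in NEUTRAL]


def audit(cipher_list):
    """Split a colon-separated cipher list into (accepted, rejected) suites.

    rejected maps each suite name to the tokens that disqualified it.
    """
    accepted, rejected = [], {}
    for suite in filter(None, cipher_list.split(":")):
        bad = unlisted_tokens(suite)
        if bad:
            rejected[suite] = bad
        else:
            accepted.append(suite)
    return accepted, rejected


# Constructed sample list, mixing suites that fit the answer with ones that do not.
SAMPLE = ("DHE-RSA-AES256-SHA:DES-CBC3-SHA:AES128-GCM-SHA256:"
          "RC4-MD5:DES-CBC-SHA:ECDHE-RSA-CHACHA20-POLY1305:DHE-DSS-AES128-SHA256")

if __name__ == "__main__":
    ok, bad = audit(SAMPLE)
    print("keep:", ":".join(ok))
    for suite, why in bad.items():
        print("drop:", suite, "->", ", ".join(why))
```

A suite rejected here is only absent from the list in the answer; whether a given FIPS module build accepts it is decided by that module, not by this check.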
