OpenSSL FIPS mode for libcurl

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

OpenSSL FIPS mode for libcurl

Dipak B
Hi,

I am able to run an application using libcurl which in turn uses OpenSSL in FIPS mode with following configuration

Help requested
Need opinion from seniors who know OpenSSL and libcurl codebase if following is good from conceptual perspective with respect to OpenSSL, libcurl.

a) Built static libcurl using 'FIPS capable OpenSSL'. These OpenSSL libs were generated earlier as static libraries.

b) In my application, called SSL_Library_Init() followed by FIPS_mode_set() and other APIs to confirm that FIPS mode is on.

c) Added curl API to do http post using the easy interface.

d) Built my application by linking to static libcurl.lib in point (a) and static FIPS capable OpenSSL .libs.

3) Wireshark shows +be result.

Questions -

Q1) Conceptually, can libcurl work using the CipherSuites selected by FIPS capable OpenSSL in the above example?

Thus, can we say that libcurl will always be using CipherSuites selected by the FIPS capable OpenSSL and thus is FIPS compliant.?


Q2) Or are changes to libcurl source code an absolute must to run it in FIPS compliant mode for above configuration.

Appreciate all inputs.
Regards.