Re: /proc/sys/crypto/fips_enabled=1 is this enough to make OpenSSL to change its mode to FIPS?
On 05/12/2017 05:17 PM, Hareesh Joshi wrote:
> I've a CentOS machine with
> 1. FIPS capable OpenSSL module installed
> 2. Kernel switched to FIPS with /proc/sys/crypto/fips_enabled=1
> Will this make OpenSSL to switch to FIPS mode as well? Or do I
> necessarily need to use OPENSSL_FIPS=1 ?
OpenSSL and the OpenSSL FIPS Object Module ignore
/proc/sys/crypto/fips_enabled, that is presumably used by the Red Hat
modified version of OpenSSL. You'll need to check with them about how