> I have some doudt regarding fips capbable openssl... If in my system , > one of the my application gets into fips mode .. whether that going to > effect other application to use fips enabled cryptography alogorithm..
No. > I have seen in some fips enabled library, if one application gets into > fips mode , whole library will be in > fips mode and all the application in the system will be in fips mode. I don't believe this. I don't see how any system could do this and still meet the various FIPS requirements for integrity checking and isolation. > is this true for openssl ? Is the fips enabled at system level or application . Your notion of "system level" seems incoherent to me. It would be an absolute disaster if one user could put another user's applications into FIPS mode and stop them from interoperating with, say, systems that used MD5 signatures (when the user who ran that program intended that to work). Nobody would design such an obviously broken system. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org