> From: "Dr. Stephen Henson" <st...@openssl.org> > Date: 03/20/15 12:48 > OPENSSL_FIPS=1 openssl ciphers -v > openssl ciphers -v FIPS
Thanks, this works great, on the workstation where I have installed at default development location /usr/loca/ssl/, using OpenSSL 1.0.1.k. However, we have built Debian packages for the target unit, using 1.0.1e. While the example fips_hmac runs fine, we have a problem with openssl itself, which seems to be that the openssl shared object is somehow not FIPS enabled, or, is 1.0.1e lacking in any respect to FIPS mode ? : % ./fips_hmac -v gcrypt_pkglist FIPS mode enabled ret: 1 51dedc633485ccb55f4624763e9d118d6df15b3c % OPENSSL_FIPS=1 openssl ciphers -v 3069818064:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1729: % ldd fips_hmac libcrypto.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6dbc000) % ldd /usr/bin/openssl libssl.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libssl.so.1.0.0 (0xb6f5e000) libcrypto.so.1.0.0 => /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6e03000) % openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
