Re: [openssl-users] How do I verify the FIPS mode

Wed, 10 Feb 2016 12:03:53 -0800 

On 02/10/2016 02:56 PM, Lesley Kimmel wrote:
> Actuall, I may have steered you wrong. It appears that OPENSSL_FIPS may
> have no affect against a non-FIPS enabled OpenSSL. According to some
> posts you can do 'OPENSSL_FIPS=1 openssl md5' which should return an
> error as md5 is not an enabled cipher in FIPS mode.

It depends on the version. Recent versions of OpenSSL will give a "FIPS
mode not supported" error for

  env OPENSSL_FIPS=1 openssl md5 ...

Whereas that command for a properly built FIPS-enabled OpenSSL will give
a "not permitted in FIPS mode" error.

-Steve M.

-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to