table of contents
FIPS_CONFIG(5ossl) | OpenSSL | FIPS_CONFIG(5ossl) |
NAME¶
fips_config - OpenSSL FIPS configuration
DESCRIPTION¶
This command is disabled in SUSE/openSUSE. The FIPS provider is automatically loaded when the system is booted in FIPS mode, or when the environment variable OPENSSL_FORCE_FIPS_MODE is set. See the documentation for more information.
HISTORY¶
This functionality was added in OpenSSL 3.0.
SUSE Enterprise Linux uses a supplementary config for FIPS module located in OpenSSL configuration directory and managed by crypto policies. If present, it should have format
[fips_sect] tls1-prf-ems-check = 0 activate = 1
The tls1-prf-ems-check option specifies whether FIPS module will require the presence of extended master secret or not.
The activate option enforces FIPS provider activation.
COPYRIGHT¶
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.
2024-11-12 | 3.2.3 |