NAME¶

fips_config - OpenSSL FIPS configuration

DESCRIPTION¶

This command is disabled in Red Hat Enterprise Linux. The FIPS provider is automatically loaded when the system is booted in FIPS mode, or when the environment variable OPENSSL_FORCE_FIPS_MODE is set. See the documentation for more information.

Red Hat Enterprise Linux uses a supplementary config for FIPS module located in OpenSSL configuration directory and managed by crypto policies. If present, it should have format

 [fips_sect]
 tls1-prf-ems-check = 0
 activate = 1

The tls1-prf-ems-check option specifies whether FIPS module will require the presence of extended master secret or not.

The activate option enforces FIPS provider activation.

COPYRIGHT¶

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.

2024-02-21

3.0.7

Source file:	fips_config.5ossl.en.gz (from openssl 3.0.7-27.el9)
Source last updated:	2024-05-07 07:45:09
Converted to HTML:	2024-06-22 22:17:04