1FIPS_CONFIG(5ossl) OpenSSL FIPS_CONFIG(5ossl)
2
3
4
6 fips_config - OpenSSL FIPS configuration
7
9 This command is disabled in Red Hat Enterprise Linux. The FIPS provider
10 is automatically loaded when the system is booted in FIPS mode, or when
11 the environment variable OPENSSL_FORCE_FIPS_MODE is set. See the
12 documentation for more information.
13
15 This functionality was added in OpenSSL 3.0.
16
17 Red Hat Enterprise Linux uses a supplementary config for FIPS module
18 located in OpenSSL configuration directory and managed by crypto
19 policies. If present, it should have format
20
21 [fips_sect]
22 tls1-prf-ems-check = 0
23 activate = 1
24
25 The tls1-prf-ems-check option specifies whether FIPS module will
26 require the presence of extended master secret or not.
27
28 The activate option enforces FIPS provider activation.
29
31 Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
32
33 Licensed under the Apache License 2.0 (the "License"). You may not use
34 this file except in compliance with the License. You can obtain a copy
35 in the file LICENSE in the source distribution or at
36 <https://www.openssl.org/source/license.html>.
37
38
39
403.1.1 2023-08-31 FIPS_CONFIG(5ossl)