How define FIPS Cipherstring in openssl3? #23707

vkosuri · 2024-02-28T12:02:48Z

vkosuri
Feb 28, 2024

While I am reading https://wiki.openssl.org/index.php/FIPS_mode_and_TLS the list ciphers that approved in FIPS mode ./openssl ciphers -v 'FIPS:!eNULL:!aNULL'

My question configuring the cipherString like below in openssl.cnf will that work?

# System default
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_section

[ssl_section]
system_default = system_default_section

[system_default_section]
CipherString = FIPS:!eNULL:!aNULL

[provider_sect]
fips = fips_sect

[fips_sect]
activate = 1

root@fips:/opt/ossl3/bin# ./openssl version -a
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
built on: Wed Feb 28 10:54:36 2024 UTC
platform: linux-x86_64
options:  bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
OPENSSLDIR: "/opt/ossl3/bin"
ENGINESDIR: "/opt/ossl3/lib64/engines-3"
MODULESDIR: "/opt/ossl3/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfefa32034f8bffff:0x2c1

root@fips:/opt/ossl3/bin# ./openssl list -providers
Providers:
  base
    name: OpenSSL Base Provider
    version: 3.0.13
    status: active
  default
    name: OpenSSL Default Provider
    version: 3.0.13
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.13
    status: active
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.13
    status: active
  null
    name: OpenSSL Null Provider
    version: 3.0.13
    status: active
root@fips:/opt/ossl3/bin#

List FIPS-approved ciphers.

root@fips:/opt/ossl3/bin# ./openssl ciphers -v 'FIPS:!eNULL:!aNULL'
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128)            Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
DHE-DSS-AES256-GCM-SHA384      TLSv1.2 Kx=DH       Au=DSS   Enc=AESGCM(256)            Mac=AEAD
DHE-RSA-AES256-GCM-SHA384      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(256)            Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128)            Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(128)            Mac=AEAD
DHE-DSS-AES128-GCM-SHA256      TLSv1.2 Kx=DH       Au=DSS   Enc=AESGCM(128)            Mac=AEAD
DHE-RSA-AES128-GCM-SHA256      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(128)            Mac=AEAD
ECDHE-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA384
ECDHE-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA384
DHE-RSA-AES256-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(256)               Mac=SHA256
DHE-DSS-AES256-SHA256          TLSv1.2 Kx=DH       Au=DSS   Enc=AES(256)               Mac=SHA256
ECDHE-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA256
ECDHE-RSA-AES128-SHA256        TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA256
DHE-RSA-AES128-SHA256          TLSv1.2 Kx=DH       Au=RSA   Enc=AES(128)               Mac=SHA256
DHE-DSS-AES128-SHA256          TLSv1.2 Kx=DH       Au=DSS   Enc=AES(128)               Mac=SHA256
ECDHE-ECDSA-AES256-SHA         TLSv1   Kx=ECDH     Au=ECDSA Enc=AES(256)               Mac=SHA1
ECDHE-RSA-AES256-SHA           TLSv1   Kx=ECDH     Au=RSA   Enc=AES(256)               Mac=SHA1
DHE-RSA-AES256-SHA             SSLv3   Kx=DH       Au=RSA   Enc=AES(256)               Mac=SHA1
DHE-DSS-AES256-SHA             SSLv3   Kx=DH       Au=DSS   Enc=AES(256)               Mac=SHA1
ECDHE-ECDSA-AES128-SHA         TLSv1   Kx=ECDH     Au=ECDSA Enc=AES(128)               Mac=SHA1
ECDHE-RSA-AES128-SHA           TLSv1   Kx=ECDH     Au=RSA   Enc=AES(128)               Mac=SHA1
DHE-RSA-AES128-SHA             SSLv3   Kx=DH       Au=RSA   Enc=AES(128)               Mac=SHA1
DHE-DSS-AES128-SHA             SSLv3   Kx=DH       Au=DSS   Enc=AES(128)               Mac=SHA1
RSA-PSK-AES256-GCM-SHA384      TLSv1.2 Kx=RSAPSK   Au=RSA   Enc=AESGCM(256)            Mac=AEAD
DHE-PSK-AES256-GCM-SHA384      TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=AESGCM(256)            Mac=AEAD
AES256-GCM-SHA384              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(256)            Mac=AEAD
PSK-AES256-GCM-SHA384          TLSv1.2 Kx=PSK      Au=PSK   Enc=AESGCM(256)            Mac=AEAD
RSA-PSK-AES128-GCM-SHA256      TLSv1.2 Kx=RSAPSK   Au=RSA   Enc=AESGCM(128)            Mac=AEAD
DHE-PSK-AES128-GCM-SHA256      TLSv1.2 Kx=DHEPSK   Au=PSK   Enc=AESGCM(128)            Mac=AEAD
AES128-GCM-SHA256              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(128)            Mac=AEAD
PSK-AES128-GCM-SHA256          TLSv1.2 Kx=PSK      Au=PSK   Enc=AESGCM(128)            Mac=AEAD
AES256-SHA256                  TLSv1.2 Kx=RSA      Au=RSA   Enc=AES(256)               Mac=SHA256
AES128-SHA256                  TLSv1.2 Kx=RSA      Au=RSA   Enc=AES(128)               Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384    TLSv1   Kx=ECDHEPSK Au=PSK   Enc=AES(256)               Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA       TLSv1   Kx=ECDHEPSK Au=PSK   Enc=AES(256)               Mac=SHA1
RSA-PSK-AES256-CBC-SHA384      TLSv1   Kx=RSAPSK   Au=RSA   Enc=AES(256)               Mac=SHA384
DHE-PSK-AES256-CBC-SHA384      TLSv1   Kx=DHEPSK   Au=PSK   Enc=AES(256)               Mac=SHA384
RSA-PSK-AES256-CBC-SHA         SSLv3   Kx=RSAPSK   Au=RSA   Enc=AES(256)               Mac=SHA1
DHE-PSK-AES256-CBC-SHA         SSLv3   Kx=DHEPSK   Au=PSK   Enc=AES(256)               Mac=SHA1
AES256-SHA                     SSLv3   Kx=RSA      Au=RSA   Enc=AES(256)               Mac=SHA1
PSK-AES256-CBC-SHA384          TLSv1   Kx=PSK      Au=PSK   Enc=AES(256)               Mac=SHA384
PSK-AES256-CBC-SHA             SSLv3   Kx=PSK      Au=PSK   Enc=AES(256)               Mac=SHA1
ECDHE-PSK-AES128-CBC-SHA256    TLSv1   Kx=ECDHEPSK Au=PSK   Enc=AES(128)               Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA       TLSv1   Kx=ECDHEPSK Au=PSK   Enc=AES(128)               Mac=SHA1
RSA-PSK-AES128-CBC-SHA256      TLSv1   Kx=RSAPSK   Au=RSA   Enc=AES(128)               Mac=SHA256
DHE-PSK-AES128-CBC-SHA256      TLSv1   Kx=DHEPSK   Au=PSK   Enc=AES(128)               Mac=SHA256
RSA-PSK-AES128-CBC-SHA         SSLv3   Kx=RSAPSK   Au=RSA   Enc=AES(128)               Mac=SHA1
DHE-PSK-AES128-CBC-SHA         SSLv3   Kx=DHEPSK   Au=PSK   Enc=AES(128)               Mac=SHA1
AES128-SHA                     SSLv3   Kx=RSA      Au=RSA   Enc=AES(128)               Mac=SHA1
PSK-AES128-CBC-SHA256          TLSv1   Kx=PSK      Au=PSK   Enc=AES(128)               Mac=SHA256
PSK-AES128-CBC-SHA             SSLv3   Kx=PSK      Au=PSK   Enc=AES(128)               Mac=SHA1

Answered by StephenWall

Mar 13, 2024

Enabling FIPS mode globally via openssl.cnf or via application code will limit the applicaiton to using only FIPS approved ciphers regardless of what your cipher selection is. Your cipher selection may limit it further, but can never allow a non-FIPS cipher. For example, on a FreeBSD system I have with OpenSSL 3.0.12, FIPS provider 3.0.9, and FIPS enabled, openssl ciphers ALL and openssl ciphers DEFAULT both produce the same list of ciphers, while openssl ciphers HIGH produces a smaller list. In all cases, all the ciphers meet the FIPS 140-2 requirements at the time 3.0.9 was approved.

View full answer

vkosuri · 2024-03-04T18:31:04Z

vkosuri
Mar 4, 2024
Author

some part of the question is related to this question #23457

0 replies

StephenWall · 2024-03-13T21:43:20Z

StephenWall
Mar 13, 2024

Enabling FIPS mode globally via openssl.cnf or via application code will limit the applicaiton to using only FIPS approved ciphers regardless of what your cipher selection is. Your cipher selection may limit it further, but can never allow a non-FIPS cipher. For example, on a FreeBSD system I have with OpenSSL 3.0.12, FIPS provider 3.0.9, and FIPS enabled, openssl ciphers ALL and openssl ciphers DEFAULT both produce the same list of ciphers, while openssl ciphers HIGH produces a smaller list. In all cases, all the ciphers meet the FIPS 140-2 requirements at the time 3.0.9 was approved.

1 reply

StephenWall Mar 14, 2024

Also note that the wiki page you linked is for OpenSSL 1.0.2 only, and is not relevant to OpenSSL 3.
You'll also need to enable the base provider in your configuration.

The base provider does not include any cryptographic algorithms (and therefore does not impact the validation status of any cryptographic operations), but does include other supporting algorithms that may be required. It is designed to be used in conjunction with the FIPS module.

Settings from the fips_module(7) man page that I've been using:

config_diagnostics = 1
openssl_conf = openssl_init

.include /path/to/fipsmodule.cnf

[openssl_init]
providers = provider_sect
alg_section = algorithm_sect

[provider_sect]
fips = fips_sect
base = base_sect

[algorithm_sect]
default_properties = fips=yes

[base_sect]
activate = 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How define FIPS Cipherstring in openssl3? #23707

{{title}}

Replies: 2 comments 1 reply

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

How define FIPS Cipherstring in openssl3? #23707

vkosuri Feb 28, 2024

Replies: 2 comments · 1 reply

vkosuri Mar 4, 2024 Author

StephenWall Mar 13, 2024

StephenWall Mar 14, 2024

vkosuri
Feb 28, 2024

Replies: 2 comments 1 reply

vkosuri
Mar 4, 2024
Author

StephenWall
Mar 13, 2024