How to install certified fips module into debian openssl package version 3.0.11-1~deb12u2 #24229
-
I am looking for way to install debian package version 3.0.11-1~deb12u2 into my system and install some certified fips module (like 3.0.8) into that. I am planning to use some of my application with fips certified algorithm whereas some other may be just using non fips version. Is this possible to achieve? Can you please help. Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
Can someone please throw some light here. I tried to install fips module of 3.0.8 onto a system where we have 3.0.11 openssl installed. Am I missing any step here? |
Beta Was this translation helpful? Give feedback.
-
Two key settings might be missing:
Example:
OpenSSL fips module guide for reference. Additionally, you can refer to "Selectively making applications use the FIPS module by default" and "Programmatically loading the FIPS module" sections from OpenSSL fips module guide to learn more about selectively using FIPS provider for applications. |
Beta Was this translation helpful? Give feedback.
Two key settings might be missing:
openssl.cnf
should have a.include
directive pointing to the full path offipsmodule.cnf
openssl.cnf
should contain a reference to the fips section name insidefipsmodule.cnf
within[provider_sect]
Example:
openssl list
command should now be able to listfips
as a provider