Hi,

I am new to Python and I am trying to run mitmproxy <https://mitmproxy.org/> in FIPS mode. It uses cryptography <https://github.com/mitmproxy/mitmproxy/issues/1808>. Since it's built on top of Python, I thought we need to make my Python use FIPS OpenSSL and enable FIPS mode in it.

I compiled Python 3.6 against FIPS OpenSSL, along with exposing functions to enable FIPS mode in it, as explained here <https://stackoverflow.com/questions/49493537/how-to-implement-fips-mode-and-fips-mode-set-in-python-3-6s-ssl-module>. Python shows that it uses FIPS OpenSSL:

    nsroot@Egress-1:~/openssl$ python3
    Python 3.6.4 (default, Jan 10 2019, 21:10:38)
    [GCC 5.4.0 20160609] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import ssl
    >>> ssl.OPENSSL_VERSION
    *'OpenSSL 1.0.2q-fips 20 Nov 2018'*

But when I do the following, I see a different version:

    nsroot@Egress-1:~/python$ python3
    Python 3.6.4 (default, Jan 10 2019, 21:10:38)
    [GCC 5.4.0 20160609] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> from OpenSSL import SSL
    >>> print("OpenSSL: {}".format(SSL.SSLeay_version(SSL.SSLEAY_VERSION).decode()),)
    *OpenSSL: OpenSSL 1.1.0j 20 Nov 2018*

So I guess I am getting a different version because cryptography comes with its own version of OpenSSL, as mentioned here: https://cryptography.io/en/latest/installation/#using-your-own-openssl-on-linux

Looking at the documentation, it looks like it's tested with FIPS OpenSSL: https://cryptography.io/en/latest/installation/#supported-platforms

The link <https://cryptography.io/en/latest/installation/#using-your-own-openssl-on-linux> doesn't explain in detail, step by step, how we can compile cryptography with any custom OpenSSL, here in my case with FIPS OpenSSL. Is there any other link or documentation which I can follow to compile cryptography against FIPS OpenSSL? Any help is appreciated.

Also, once it's compiled against FIPS OpenSSL, how do we enable FIPS mode in it? The OpenSSL documentation says the application should call FIPS_mode_set() to be really in FIPS mode. How do we do it for the OpenSSL used by cryptography, so that the application mitmproxy uses FIPS crypto?

Thanks,
Krishna kumar
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
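An added diagnostic, not part of the original message and not code from the cryptography project: it reports which OpenSSL build each Python binding in the running interpreter is linked against, which is the mismatch visible in the two sessions above. The function names `linked_openssl_versions` and `analyse` are made up for this example.

```python
import re
import ssl

# Matches version texts such as 'OpenSSL 1.0.2q-fips 20 Nov 2018'.
# In OpenSSL 1.0.2 the "-fips" suffix marks a FIPS-capable build; it does
# not show that FIPS mode is switched on (that needs FIPS_mode_set()).
VERSION_RE = re.compile(r"OpenSSL (\d+\.\d+\.\d+[a-z]*)(-fips)?")


def linked_openssl_versions():
    """Return {binding: version text} for every binding usable here."""
    found = {"ssl (stdlib)": ssl.OPENSSL_VERSION}
    try:
        from OpenSSL import SSL  # pyOpenSSL, layered on cryptography
        found["pyOpenSSL"] = SSL.SSLeay_version(SSL.SSLEAY_VERSION).decode()
    except Exception:  # not installed, or not loadable in this interpreter
        pass
    try:
        from cryptography.hazmat.backends.openssl.backend import backend
        found["cryptography"] = backend.openssl_version_text()
    except Exception:  # not installed, or not loadable in this interpreter
        pass
    return found


def analyse(versions):
    """Return ({binding: (release, has_fips_suffix)}, all_bindings_agree)."""
    parsed = {}
    for name, text in versions.items():
        match = VERSION_RE.match(text)
        if match:
            parsed[name] = (match.group(1), bool(match.group(2)))
        else:
            parsed[name] = (text, False)  # unrecognised text, keep it as-is
    # One distinct (release, suffix) pair means one OpenSSL build is in use.
    return parsed, len(set(parsed.values())) <= 1


if __name__ == "__main__":
    parsed, consistent = analyse(linked_openssl_versions())
    for name, (release, fips) in parsed.items():
        label = "FIPS-capable build" if fips else "no -fips suffix"
        print(f"{name:14} {release:10} {label}")
    if not consistent:
        print("Bindings are linked against different OpenSSL builds.")
```

With the two version strings from the sessions above, the stdlib `ssl` module shows the `-fips` build while pyOpenSSL shows 1.1.0j without the suffix, so the check reports the bindings as inconsistent.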