On Tue, Sep 23, 2008 at 08:26:23AM +1000, Tim Hudson wrote:
> The Doctor wrote:
>> That being said, how do you get openssl to compile with FIPS
>> and be backwards compatible at the same time?
>
> That is what the FIPS mode is for - the library built supports all
> algorithms and when in FIPS mode it disables the use of non-approved
> algorithms.
>
> A single application can work in both FIPS and non-FIPS mode. You can add
> in code to choose which mode to be in on a per-connection basis if that is
> what your application requires.
>
> See the usage of FIPS_mode_set()
>
> Note also that due to an implementation quirk you need to clear the
> currently set RNG when switching back into FIPS mode.
>
> i.e.
>     RAND_set_rand_method(NULL);
>     FIPS_mode_set(1);
>
> Tim.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]

Apart from me, has anyone else tried the fipsdso in their configuration as extensively as I have?

--
Member - Liberal International
This is [EMAIL PROTECTED]  Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising!
Canada vote anything but Conservative on 14 Oct 2008, join us at http://www.harpocrit.ca .