Re: OpenSSL 3.0.0 FIPS compatible ECDH-KAS
Adding that should be enough to force only FIPS validated algorithms are used. Just doing that isn't enough, there is more you are going to need to do. E.g. you will need to load the FIPS and base providers either via config or explicitly. It's possible to set the default properties via
OpenSSL 3.0.0 FIPS compatible ECDH-KAS
I have an OpenSSL app which performs ECDH-KAS using openssl-1.0.1g + openssl-fips-2.0.5. It needs to be FIPS compatible. The app was written using the low level ECDH functions similar to what is documented here: