fips_config.5ossl - Man Page

OpenSSL FIPS configuration

Description

This command is disabled in Red Hat Enterprise Linux. The FIPS provider is automatically loaded when the system is booted in FIPS mode, or when the environment variable OPENSSL_FORCE_FIPS_MODE is set. See the documentation for more information.

History

This functionality was added in OpenSSL 3.0.

Red Hat Enterprise Linux uses a supplementary configuration file for the FIPS module, located in the OpenSSL configuration directory and managed by crypto policies. If present, it should have the following format:

 [fips_sect]
 tls1-prf-ems-check = 0
 activate = 1

The tls1-prf-ems-check option specifies whether the FIPS module requires the presence of the extended master secret.

The activate option enforces FIPS provider activation.
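A small audit of the two options described above, as an added example that is not part of the man page or of OpenSSL or Red Hat code. The function name `audit_fips_sect` and the sample configs are constructed for illustration. It assumes a value of 1 means the extended master secret is required, and takes the file path from the caller because the page does not name the file.

```python
import configparser

SECTION = "fips_sect"

# Constructed sample configs (not taken from a real system).
RELAXED = "[fips_sect]\ntls1-prf-ems-check = 0\nactivate = 1\n"
STRICT = "# comment\n[fips_sect]\ntls1-prf-ems-check = 1  # require EMS\nactivate = 1\n"


def audit_fips_sect(text):
    """Return findings (list of str) for the [fips_sect] section in text."""
    cp = configparser.ConfigParser(
        interpolation=None,             # no configparser-style %(...)s expansion
        strict=False,                   # tolerate repeated sections/options
        allow_no_value=True,            # tolerate directive lines without '='
        delimiters=("=",),
        comment_prefixes=("#",),
        inline_comment_prefixes=("#",),
    )
    cp.optionxform = str                # keep option names case-sensitive
    # Lines before the first section header belong to OpenSSL's "default" section.
    cp.read_string("[default]\n" + text)
    if not cp.has_section(SECTION):
        return ["missing-section: no [fips_sect] section found"]
    sect = cp[SECTION]
    findings = []
    if (sect.get("activate") or "").strip() != "1":
        findings.append("activate: FIPS provider activation is not enforced")
    ems = sect.get("tls1-prf-ems-check")
    if ems is None:
        findings.append("tls1-prf-ems-check: option not set")
    elif ems.strip() != "1":
        # Assumption: 1 = extended master secret required, any other value = not required.
        findings.append("tls1-prf-ems-check: extended master secret is not required")
    return findings


if __name__ == "__main__":
    import sys
    # The path is supplied by the caller; the page does not name the file.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else RELAXED
    for finding in audit_fips_sect(text) or ["ok"]:
        print(finding)
```

Run against the format shown on the page, it reports the relaxed extended master secret setting; an empty result means both options are set to 1.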

Referenced By

fips_module.7ossl(7), openssl.cnf(5), OSSL_PROVIDER-FIPS.7ossl(7).

2024-04-04 3.2.1 OpenSSL