Your company here — click to reach over 10,000 unique daily visitors

fips_config.5ossl - Man Page

OpenSSL FIPS configuration


This command is disabled in Red Hat Enterprise Linux. The FIPS provider is automatically loaded when the system is booted in FIPS mode, or when the environment variable OPENSSL_FORCE_FIPS_MODE is set. See the documentation for more information.


This functionality was added in OpenSSL 3.0.

Red Hat Enterprise Linux uses a supplementary config for FIPS module located in OpenSSL configuration directory and managed by crypto policies. If present, it should have format

 tls1-prf-ems-check = 0
 activate = 1

The tls1-prf-ems-check option specifies whether FIPS module will require the presence of extended master secret or not.

The activate option enforces FIPS provider activation.

Referenced By

fips_module.7ossl(7), openssl.cnf(5), OSSL_PROVIDER-FIPS.7ossl(7).

2024-07-09 3.2.2 OpenSSL