> > Can you please help me with the following question? > > > > How do I use libcurl in FIPS mode?
> libcurl has no special provisions for FIPS. If any source code changes or > function invokes are necessary, you need to make them. > OpenSSL FIPS support seems to only exist in the outdated 1.0.2 version and > according to https://www.openssl.org/docs/fips/UserGuide-2.0.pdf just linking > with a FIPS OpenSSL 1.0.2 is not enough. It then also needs FIPS_mode_set() > to be called. (That's a 225 page document and I only skimmed it very casually > so I'm far from being knowledgable in this area.) If you set the kernel command line parameter to "fips=1" on Centos (possibly other OSes) then FIPS_mode_set() gets enabled in OpenSSL automatically at start of day; see docs: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-federal_standards_and_regulations-federal_information_processing_standard https://docs.oracle.com/cd/E37670_01/E36387/html/section_bj5_szv_wp.html If this isn't a viable solution, then you can also link to OpenSSL and call FIPS_mode_set() within your application before using curl. ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
