Hi, I am able to run an application using libcurl in FIPS mode with following configuration
Help requested Need opinion from seniors who know libcurl codebase if following is good from conceptual perspective with respect to libcurl. a) Built static libcurl using 'FIPS capable OpenSSL'. These OpenSSL libs were generated earlier as static libraries. b) In my application, called SSL_Library_Init() followed by FIPS_mode_set() and other APIs to confirm that FIPS mode is on. c) Added curl API to do http post using the easy interface. d) Built my application by linking to static libcurl.lib in point (a) and static FIPS capable OpenSSL .libs. 3) Wireshark shows +be result. Questions - Q1) Conceptual can libcurl work using the CipherSuites selected by FIPS capable OpenSSL in the above example? Thus, can we say that libcurl will always be using CipherSuites selected by the FIPS capable OpenSSL and thus is FIPS compliant.? Q2) Or are changes to libcurl source code an absolute must to run it in FIPS compliant mode for above configuration. Appreciate all inputs. Regards.
------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
