Hi,
I have an application which uses RSA or Diffie Hellman (DH) algorithms for key exchange and RAND_seed and RAND_bytes to generate pseudo random number. Now, I have added FIPS_mode_set(1) to enable FIPS. As per openSSL-fips security policy document, my expectation is DH and RAND_seed and RAND_bytesfunction should not be loaded in FIPS mode. However, these functions are loaded and still working fine even in FIPS mode. Is this expected behaviour? If I want to disable all the non FIPS approved algorithms what is the best practice? I am consuming openSSL-fips-1.2.0 and openSSL-9.8r. Thanks, ~Vimol
