Adding that should be enough to force only FIPS validated algorithms are
used.
Just doing that isn't enough, there is more you are going to need to
do. E.g. you will need to load the FIPS and base providers either via
config or explicitly.
It's possible to set the default properties via con
I have an OpenSSL app which performs ECDH-KAS using openssl-1.0.1g +
openssl-fips-2.0.5. It needs to be FIPS compatible. The app was written using
the low level ECDH functions similar to what is documented here:
https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman#Using_the_Low_Level
