Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.security > #6478
| From | bhaskarvilles@duck.com |
|---|---|
| Newsgroups | linux.debian.security |
| Subject | Re: Fips Module Config |
| Date | 2025-10-29 08:00 +0100 |
| Message-ID | <LL8k1-8PnF-1@gated-at.bofh.it> (permalink) |
| References | <LKZJL-8JpN-5@gated-at.bofh.it> <LL8k1-8PnF-3@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
[Multipart message — attachments visible in raw view] - view raw
Debian’s OpenSSL 3.x (as in Trixie and Bookworm) uses the new provider-based architecture, and openssl-provider-fips is exactly what enables FIPS 140-2 mode. However, OpenSSL itself doesn’t automatically go into “FIPS mode” just because you installed the module; it needs to be explicitly configured and validated. On Wed, Oct 29, 2025 at 3:17 AM Robert A Wooldridge < bob.wooldridge_at_edm-inc.com_bhaskarvilles@duck.com> wrote: > Hello, My company has been using Debian servers since 2002. We have US Gov > contracts and in the near future would like to make some of our servers > fips 140-2 compliant. I have a test server set up usi > *DuckDuckGo* did not detect any trackers. More > <https://duckduckgo.com/-s1GamK2LlA9I-PlJqZd7ZSQHrB-OEMwY3NWx3FImUcOP5iiqScsTWfYFZfdXCMPjKzywpBzQCAEqcYQ4sRZa_0ILKAdKMVnBwvTzxuecRwnyBMj4oWs55w9Ha3bnbnfHdYLlIMFTTmr7eqwP64pyBPqg2ktacFLA0Po5cVf4IXBl8w8E5ueIaYE8JSo-HiS0uJ15jur9VoK2tRNFoBYKCQpoLuNs6-wsjbJCr7LYgQ> > Unable to verify sender identity > Report Spam > <https://duckduckgo.com/-s1GamK2LlA9I-PlJqZd7ZSQHrB-OEMwY3NWx3FImUcOP5iiqScsTWfYFZfdXCMPjKzywpBzQCAEqcYQ4sRZa_0ILKAdKMVnBwvTzxuecRwnyBMj4oWs55w9Ha3bnbnfHdYLlIMFTTmr7eqwP64pyBPqg2ktacFLA0Po5cVf4IXBl8w8E5ueIaYE8JSo-HiS0uJ15jur9VoK2tRNFoBYKCQpoLuNs6-wsjbJCr7LYgQ> > > Hello, > > My company has been using Debian servers since 2002. We have US Gov > contracts and in the near future would like to make some of our servers > fips 140-2 compliant. I have a test server set up using Trixie but I'm > having trouble understanding how to configure openssl with the fips > module. > > I have installed openssl-provider-fips package which I see provides > /usr/lib/x86_64-linux-gnu/ossl-modules/fips.so and I've generated a > fips.cnf file as well as updated /etc/ssl/openssl.cnf but I'm not sure what > to do after this. Can you someone give me some tips or point me in the > right direction? > > > > -- > *Bob Wooldridge* > rw@edm-inc.com <bob.wooldridge@edm-inc.com> > *EDM Incorporated* >
Back to linux.debian.security | Previous | Next — Previous in thread | Find similar
Fips Module Config Robert A Wooldridge <bob.wooldridge@edm-inc.com> - 2025-10-28 22:50 +0100 Re: Fips Module Config bhaskarvilles@duck.com - 2025-10-29 08:00 +0100
csiph-web