openssl FIPS mode
Alan DeKok
aland at deployingradius.com
Fri Nov 8 07:53:31 UTC 2024
On Nov 7, 2024, at 6:46 PM, Timothy J. Ebben via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Thank you for your advice. I was misled by an out-of-date reference. According to the following link, FreeRADIUS can be used with FIPS mode:
> https://networkradius.com/articles/2020/10/28/freeradius-fips.html
>
> Specifically:
>> FreeRADIUS just passes a special flag EVP_MD_CTX_FLAG_NON_FIPS_ALLOW to the OpenSSL APIs!
>
> Unfortunately, that flag has no effect in openssl version 3. Perhaps the above documentation could be updated.
It appears that OpenSSL3 change the behavior of their APIs. We'll take a look.
Alan DeKok.
More information about the Freeradius-Users
mailing list