RE: libcurl in fips mode
Date: Wed, 31 Jul 2019 08:16:45 +0000
> > Can you please help me with the following question?
> >
> > How do I use libcurl in FIPS mode?
> libcurl has no special provisions for FIPS. If any source code changes or function invokes are necessary, you need to make them.
> OpenSSL FIPS support seems to only exist in the outdated 1.0.2 version and according to https://www.openssl.org/docs/fips/UserGuide-2.0.pdf just linking with a FIPS OpenSSL 1.0.2 is not enough. It then also needs FIPS_mode_set() to be called. (That's a 225 page document and I only skimmed it very casually so I'm far from being knowledgeable in this area.)
If you set the kernel command line parameter to "fips=1" on CentOS (possibly other OSes) then FIPS_mode_set() gets enabled in OpenSSL automatically at start of day; see docs:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-federal_standards_and_regulations-federal_information_processing_standard
https://docs.oracle.com/cd/E37670_01/E36387/html/section_bj5_szv_wp.html
If this isn't a viable solution, then you can also link to OpenSSL and call FIPS_mode_set() within your application before using curl.
Received on 2019-07-31
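
Added example, not part of the original message or of curl: a small C check that the kernel "fips=1" parameter mentioned in the reply is actually in effect before an application relies on OpenSSL picking it up. It assumes a Linux system exposing /proc/cmdline and /proc/sys/crypto/fips_enabled; the function names are hypothetical, and only the literal "fips=1" from the message is treated as enabled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Scan a kernel command line for an exact "fips=<c>" token.
 * Returns 1 if the last such token is "fips=1", otherwise 0.
 * Tokens such as "nofips=1" or "fips=10" are not matched. */
int cmdline_fips(const char *cmdline)
{
    int result = 0;
    const char *p = cmdline;
    while (*p) {
        while (*p && isspace((unsigned char)*p)) p++;   /* skip separators */
        const char *tok = p;
        while (*p && !isspace((unsigned char)*p)) p++;  /* find token end */
        if ((size_t)(p - tok) == 6 && strncmp(tok, "fips=", 5) == 0)
            result = (tok[5] == '1');                   /* last one wins */
    }
    return result;
}

/* Read the runtime flag file. Returns 1 or 0, or -1 if the file is
 * missing or unreadable (no kernel FIPS support, or not Linux). */
int read_fips_flag(const char *path)
{
    FILE *f = fopen(path, "r");
    int c;
    if (!f) return -1;
    c = fgetc(f);
    fclose(f);
    return c == '1' ? 1 : (c == '0' ? 0 : -1);
}

int main(void)
{
    char buf[4096] = "";
    FILE *f = fopen("/proc/cmdline", "r");
    if (f) {
        if (!fgets(buf, sizeof buf, f)) buf[0] = '\0';
        fclose(f);
    }
    printf("fips=1 on kernel command line: %d\n", cmdline_fips(buf));
    printf("/proc/sys/crypto/fips_enabled: %d\n",
           read_fips_flag("/proc/sys/crypto/fips_enabled"));
    return 0;
}
```

If the two values disagree, or the flag file is absent, the automatic behaviour described above should not be assumed and the explicit FIPS_mode_set() route applies.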