
RE: libcurl in fips mode

From: Max Dymond via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 31 Jul 2019 08:16:45 +0000

> > Can you please help me with the following question?
> >
> > How do I use libcurl in FIPS mode?

> libcurl has no special provisions for FIPS. If any source code changes or function invokes are necessary, you need to make them.

> OpenSSL FIPS support seems to only exist in the outdated 1.0.2 version and according to https://www.openssl.org/docs/fips/UserGuide-2.0.pdf just linking with a FIPS OpenSSL 1.0.2 is not enough. It then also needs FIPS_mode_set() to be called. (That's a 225 page document and I only skimmed it very casually so I'm far from being knowledgeable in this area.)

If you set the kernel command line parameter to "fips=1" on CentOS (possibly other OSes) then FIPS_mode_set() gets enabled in OpenSSL automatically at start of day; see docs:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-federal_standards_and_regulations-federal_information_processing_standard
https://docs.oracle.com/cd/E37670_01/E36387/html/section_bj5_szv_wp.html

If this isn't a viable solution, then you can also link to OpenSSL and call FIPS_mode_set() within your application before using curl.

Received on 2019-07-31
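
Added example, not part of the original mail and not curl project code: a startup check covering both routes described above. It assumes Linux, where the kernel exposes its command line in /proc/cmdline and its FIPS flag in /proc/sys/crypto/fips_enabled. The build flag WITH_OPENSSL_102_FIPS and all function names are hypothetical.

```c
/* Added example (not from the original mail). Assumes Linux. */
#include <stdio.h>
#include <string.h>

/* 1 if the command-line text has the exact token "fips=1", else 0. */
int cmdline_has_fips(const char *cmdline)
{
    const char *p = cmdline;
    while (*p) {
        p += strspn(p, " \t\n");            /* skip separators */
        size_t len = strcspn(p, " \t\n");   /* length of next token */
        if (len == 6 && strncmp(p, "fips=1", 6) == 0)
            return 1;
        p += len;
    }
    return 0;
}

/* 1 or 0 from a fips_enabled-style file; -1 if it cannot be read. */
int fips_flag_from_file(const char *path)
{
    FILE *f = fopen(path, "r");
    int c;
    if (!f)
        return -1;
    c = fgetc(f);
    fclose(f);
    return c == '1' ? 1 : (c == '0' ? 0 : -1);
}

#ifdef WITH_OPENSSL_102_FIPS  /* hypothetical flag: FIPS-capable OpenSSL 1.0.2 */
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <curl/curl.h>
/* Enable FIPS mode if it is not already on, then initialise libcurl. */
int enable_fips_then_init_curl(void)
{
    if (!FIPS_mode() && !FIPS_mode_set(1)) {
        fprintf(stderr, "FIPS_mode_set failed: %lu\n", ERR_get_error());
        return -1;
    }
    return curl_global_init(CURL_GLOBAL_DEFAULT) == CURLE_OK ? 0 : -1;
}
#endif

int main(void)
{
    printf("kernel FIPS flag: %d\n",
           fips_flag_from_file("/proc/sys/crypto/fips_enabled"));
    return 0;
}
```

The exact-token match matters: a parameter such as "fips=10" or "nofips=1" must not be read as FIPS being enabled.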