curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Is code change necessary to run libcurl as FIPS in under following conditions?

From: Dipak B via curl-library <curl-library_at_cool.haxx.se>
Date: Sun, 11 Aug 2019 02:16:25 +0530

Hi,

I am able to run an application using libcurl in FIPS mode with following
configuration

Help requested
Need opinion from seniors who know libcurl codebase if following is good
from conceptual perspective with respect to libcurl.

a) Built static libcurl using 'FIPS capable OpenSSL'. These OpenSSL libs
were generated earlier as static libraries.

b) In my application, called SSL_Library_Init() followed by FIPS_mode_set()
and other APIs to confirm that FIPS mode is on.

c) Added curl API to do http post using the easy interface.

d) Built my application by linking to static libcurl.lib in point (a) and
static FIPS capable OpenSSL .libs.

3) Wireshark shows +be result.

Questions -

Q1) Conceptual can libcurl work using the CipherSuites selected by FIPS
capable OpenSSL in the above example?

Thus, can we say that libcurl will always be using CipherSuites selected by
the FIPS capable OpenSSL and thus is FIPS compliant.?

Q2) Or are changes to libcurl source code an absolute must to run it in
FIPS compliant mode for above configuration.

Appreciate all inputs.
Regards.

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-08-10