xref: /openssl-master/doc/man7/fips_module.pod

5 fips_module - OpenSSL fips module guide
14 with the FIPS module. Which is the correct approach to use will depend on your
20 Applications written to use the OpenSSL 3.0 FIPS module should not use any
21 legacy APIs or features that avoid the FIPS module. Specifically this includes:
45 =head2 Making all applications use the FIPS module by default
48 use the FIPS module for cryptographic algorithms by default.
53 FIPS module without the need for any further code changes.
92 FIPS module config file that you installed earlier.
100 made will start using only the FIPS module unless those applications take
105 may be required. It is designed to be used in conjunction with the FIPS module.
108 are required in applications in order to benefit from the FIPS module. There are
115 You may not want all applications to use the FIPS module.
118 FIPS module.
129 The algorithms available in the FIPS module are a subset of the algorithms
137 Usage of certain deprecated APIs avoids the use of the FIPS module.
139 If any applications use those APIs then the FIPS module will not be used.
143 =head2 Selectively making applications use the FIPS module by default
155 whether the FIPS module is loaded) on an application by application basis.
158 applications to use the FIPS module. All the other advantages and disadvantages
161 =head2 Programmatically loading the FIPS module (default library context)
165 FIPS module config data (such as its self test status and integrity data). But
170 L</Making all applications use the FIPS module by default> above, but edit the
174 FIPS module, but it is not automatically loaded when the application starts. The
225 =head2 Loading the FIPS module at the same time as other providers
272 file. The encoder and decoder algorithms are not in the FIPS module itself but
300 =head2 Programmatically loading the FIPS module (nondefault library context)
302 In addition to using properties to separate usage of the FIPS module from other
384 =head2 Using Encoders and Decoders with the FIPS module
396 module boundary. However since they are not cryptographic algorithms themselves
397 it is still possible to use them in conjunction with the FIPS module, and
402 =head2 Using the FIPS module in SSL/TLS
404 Writing an application that uses libssl in conjunction with the FIPS module is
447 =head2 Confirming that an algorithm is being provided by the FIPS module

Last Index update Sun Aug 20 00:18:20 CST 2023