When I execute "openssl version" I get the following version of openssl:
OpenSSL 1.0.2k-fips 26 Jan 2017
But I need to use elliptic curves which are not FIPS.
If I download and compile openssl from the source, these curves are available. But not in the openssl version with the -fips name extension.
openssl non-fips crypto suites
Re: openssl non-fips crypto suites
The version of openssl in CentOS is inherited directly from the version included in RHEL 7, and Red Hat remove some of the ciphers etc. from the source due to patent/licensing concerns. To get those enabled in the distro you'd need to ask Red Hat to enable them in RHEL via bugzilla.redhat.com.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: openssl non-fips crypto suites
So there is not a configuration file which enables the additional ciphers? Because my OS is not running in FIPS mode.
And if I need to download and recompile openssl, can anyone provide guidelines which ensure that the new openssl version is used by the Apache httpd mod_ssl module?
Re: openssl non-fips crypto suites
FIPS mode has nothing to do with it. It's patent and licensing concerns that dictate which ciphers Red Hat choose to include.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
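Added example, not part of the thread: a shell check that reports which of the curves you need are absent from an openssl build (using `openssl ecparam -list_curves`) and, in live mode, which libssl/libcrypto a mod_ssl module resolves to. The function names, the sample listing, the wanted curve names and the mod_ssl path are assumptions for illustration.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the thread.

# Constructed sample of `openssl ecparam -list_curves` output from a build
# that ships only a few curves (not captured from a real host).
SAMPLE_LISTING='  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field'

# Read a curve listing on stdin, print one curve name per line.
# Wrapped description lines carry no "name:" prefix and are skipped.
parse_curves() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_-]\{1,\}\)[[:space:]]*:.*/\1/p'
}

# $1 = curve listing text, remaining args = curves the application needs.
# Prints the needed curves that the listing does not contain.
missing_curves() {
    listing=$1; shift
    available=$(printf '%s\n' "$listing" | parse_curves)
    missing=""
    for want in "$@"; do
        printf '%s\n' "$available" | grep -qxF -- "$want" || missing="$missing $want"
    done
    printf '%s\n' "${missing# }"
}

# Show which libssl/libcrypto files a module resolves to at load time.
ssl_libs_of() {
    ldd "$1" | grep -E 'libssl|libcrypto'
}

# Live check, run as: sh check_curves.sh --live brainpoolP256r1 secp224r1
# The mod_ssl path is an assumed default; override with MOD_SSL=/path.
if [ "${1:-}" = "--live" ]; then
    shift
    echo "openssl on PATH: $(command -v openssl) ($(openssl version))"
    echo "missing curves: $(missing_curves "$(openssl ecparam -list_curves)" "$@")"
    ssl_libs_of "${MOD_SSL:-/usr/lib64/httpd/modules/mod_ssl.so}"
else
    echo "sample, missing: $(missing_curves "$SAMPLE_LISTING" prime256v1 brainpoolP256r1)"
fi
```

Running the live mode before and after installing a rebuilt openssl shows whether httpd would still load the distribution's libssl rather than the new one.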