[gnutls-help] Alternative to GNUTLS_FORCE_FIPS_MODE ?

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Mar 4 18:11:30 CET 2015


On Wed, 2015-03-04 at 10:53 -0500, jonetsu wrote:
> Hello,
> 
> As an alternative to having GNUTLS_FORCE_FIPS_MODE=1, would it be possible to observe:
> /proc/sys/crypto/fips_enabled
> Which is set when the kernel runs in FIPS mode.

Currently the support for FIPS is tied to RHEL because this is the
system it was developed and tested on. For that it checks
"/proc/sys/crypto/fips_enabled" and "/etc/system-fips" being present. If
on other systems support for FIPS is different, or things can be made
more generic, I'd appreciate a patch.

regards,
Nikos
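
The check described in the reply above, sketched as an added example; this is not GnuTLS source code. The function names are hypothetical, the requirement that both conditions hold follows the wording of the reply, and treating GNUTLS_FORCE_FIPS_MODE=1 as an override of the system checks is an assumption.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* access(), setenv() declarations */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The two paths named in the reply above. */
#define KERNEL_FIPS_FLAG   "/proc/sys/crypto/fips_enabled"
#define SYSTEM_FIPS_MARKER "/etc/system-fips"

/* 1 if the flag file is readable and its first byte is '1'.
 * A missing or unreadable file (non-Linux, no crypto sysctl) counts as 0. */
static int kernel_flag_set(const char *flag_path)
{
    FILE *f = fopen(flag_path, "r");
    int c;

    if (f == NULL)
        return 0;
    c = fgetc(f);
    fclose(f);
    return c == '1';
}

/* Hypothetical helper, not a GnuTLS function. Paths are parameters so the
 * logic can be exercised against constructed files.
 * Assumption: GNUTLS_FORCE_FIPS_MODE=1 overrides the system checks. */
int fips_mode_detect(const char *flag_path, const char *marker_path)
{
    const char *force = getenv("GNUTLS_FORCE_FIPS_MODE");

    if (force != NULL && strcmp(force, "1") == 0)
        return 1;
    if (!kernel_flag_set(flag_path))
        return 0;                           /* kernel not in FIPS mode */
    return access(marker_path, F_OK) == 0;  /* marker must also exist */
}

int main(void)
{
    int on = fips_mode_detect(KERNEL_FIPS_FLAG, SYSTEM_FIPS_MARKER);

    printf("FIPS mode: %s\n", on ? "enabled" : "not enabled");
    return 0;
}
```

On a system that sets only the kernel flag and ships no /etc/system-fips, this check reports FIPS mode as not enabled, which is the distribution-specific behaviour the reply refers to.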




