OpenSSL And OpenSSH On CentOS (FIPS Enabled)


Hi experts,

Currently I am doing a FIPS gap analysis for our product. Can someone help by having a look at my questions?

Our product is a server running under CentOS 6.x, and according to the upstream (Red Hat) document, CentOS can be configured to FIPS mode:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html

And according to the CentOS forum, if we enable FIPS mode on CentOS, then OpenSSL will also be in FIPS mode: https://www.CentOS.org/forums/viewtopic.php?t

One thought on - OpenSSL And OpenSSH On CentOS (FIPS Enabled)

  • http://stackoverflow.com/questions/18616573/how-to-check-fips-140-2-support-in-openssl

    But, having said that, you should note that FIPS is a certification that applies to specific products. You can enable “FIPS mode” but no CentOS systems are FIPS certified. If you require certification, you must use a Red Hat product.

    Look at the document you linked to, again. It describes specifics with regard to OpenSSH. Verify that sshd is configured according to the documentation, and follow the advice when generating host and user keys.
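
One way to run the check the reply describes, as an added example that is not part of the thread or of Red Hat's documentation: a shell script that reads the kernel FIPS flag and lists any `Ciphers` or `MACs` entries in `sshd_config` that fall outside an allow-list. The allow-lists and the `Protocol 2` expectation are assumptions to be confirmed against the linked guide, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The allow-lists below are assumptions; confirm them against
# the OpenSSH section of the Red Hat guide linked in the question.
APPROVED_CIPHERS="aes128-ctr aes192-ctr aes256-ctr aes128-cbc aes192-cbc aes256-cbc 3des-cbc"
APPROVED_MACS="hmac-sha1 hmac-sha2-256 hmac-sha2-512"

# Succeeds when the kernel FIPS flag file (default: the real /proc path) contains 1.
fips_kernel_enabled() {
    [ "$(cat "${1:-/proc/sys/crypto/fips_enabled}" 2>/dev/null)" = "1" ]
}

# Print each comma-separated item of $1 that is missing from the space-separated list $2.
not_in_list() {
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# Read sshd_config text on stdin; print one finding per line, nothing if clean.
# sshd uses the first occurrence of a keyword, so later duplicates are ignored.
audit_sshd_config() {
    proto=""; ciphers=""; macs=""
    while read -r key value; do
        case "$(printf '%s' "$key" | tr 'A-Z' 'a-z')" in
            protocol) [ -n "$proto" ]   || proto=$value ;;
            ciphers)  [ -n "$ciphers" ] || ciphers=$value ;;
            macs)     [ -n "$macs" ]    || macs=$value ;;
        esac
    done
    [ "$proto" = "2" ] || echo "Protocol: expected 2, found '${proto:-unset}'"
    [ -n "$ciphers" ] || echo "Ciphers: unset, sshd defaults apply"
    [ -n "$macs" ] || echo "MACs: unset, sshd defaults apply"
    not_in_list "$ciphers" "$APPROVED_CIPHERS" | sed 's/^/Ciphers: not approved: /'
    not_in_list "$macs" "$APPROVED_MACS" | sed 's/^/MACs: not approved: /'
}

# Constructed sample, not taken from a real host.
SAMPLE_SSHD_CONFIG='# constructed sample
Protocol 2
Ciphers aes128-ctr,arcfour,aes256-cbc
MACs hmac-md5,hmac-sha2-256'

printf '%s\n' "$SAMPLE_SSHD_CONFIG" | audit_sshd_config
```

On a real host, feed it the live file with `audit_sshd_config < /etc/ssh/sshd_config` and call `fips_kernel_enabled` with no argument.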