mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 07:37:02 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: add "FIPS" details in haproxy -vv

Browse Source 
Add the FIPS mode in haproxy -vv, it need to be activated on the system
with openssl.cnf or by compiling the SSL library with the right options.

Can't work with OpenSSL >= 3.0 because fips a "provider" to load, works
with AWS-LC, WolfSSL and OpenSSL 1.1.1.
This commit is contained in:
William Lallemand 2024-12-12 11:37:42 +01:00
parent 23f670f1f5
commit f97ffb9ec4
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssl_sock.c
View File

@ -7071,7 +7071,9 @@ static void ssl_register_build_options()
#endif
#endif
"", ptr);
#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
memprintf(&ptr, "%s\nOpenSSL library FIPS mode : %s", ptr, FIPS_mode() ? "yes" : "no");
#endif
memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
if (methodVersions[i].option)