Back to product page

FIPS property


Specifies FIPS enabled OpenSSL configuration to load.

Type

A String value. Represents full path to fipsmodule.cnf.

Syntax

  • Basic
object.FIPS [= value]  
The FIPS(object,value) syntax has these parts:
objectAn expression evaluating to an object of type wodTunnel.
valueA String value.

Remarks

wodTunnel allows you to go into special FIPS mode by using external FIPS-certified OpenSSL library. You should provide full path to fipsmodule.cnf file in FIPS property to do so, prior to calling Connect method.

When FIPS property is set, wodTunnel internally calls crypto functions from provided library. If loading FIPS fails, error 33016 or 33017 is returned. Please note that if FIPS is set during development and debugging, it will most probably fail - due to debugger being attached to the process and process will be unable to load FIPS library.

You can compile your own FIPS 140-2 certified OpenSSL library to provide to this property, or you can download ours from URL

https://download.weonlydo.com/openssl3_fips.zip

We have compiled library exactly as specified in "OpenSSL FIPS Object Module" UserGuide that can be found at https://docs.openssl.org/3.0/man7/fips_module/ , on clean Windows 11 using "Microsoft Visual Studio 2022". Source was not tampered in any way before compilation process. There are no digital signatures or any other binary changes after the compilation, since it's not our DLL.

If wodTunnel detects that loaded DLL is already used by your application (such as if you want to share same DLL for your own FIPS capable code), FIPS will be automatically used on other wodTunnel instances as well. Note that if your application decides to remove FIPS requirement, it should clear out this property by setting it to empty string. In that case wodTunnel will revert back to internal OpenSSL functions, and so will happen on all wodTunnel instances.

NOTE: this property can be empty, and FIPS will not be enabled - wodTunnel will work as it was working before. We have internally linked non-FIPS version of OpenSSL so wodTunnel does not have any 3rd party requirements for normal usage.

Warning: changing this property also internally changes EncryptionList, HMacList, KeyExchangeList and KeySignatureList properties.

Platforms

Windows