How to Enable FIPS on VDDK Proxy VM
OpenSSL 3.0 contains a module that conforms to Federal Information Processing
Standards (FIPS), so the proxy VM must run VDDK 8.0.1 or later for OpenSSL 3.0
support.
To prepare a VDDK proxy VM to run FIPS, follow these steps:
- Location of the FIPS dynamic library differs. To install on Windows or Linux, run one of these commands:
    openssl.exe fipsinstall -out \path\of\fipsmodule.cnf -module VDDKpackage\bin\fips.dll
    openssl fipsinstall -out /path/of/fipsmodule.cnf -module VDDKpackage/lib64/fips.so
- In the OpenSSL configuration file, the dot-include of fipsmodule.cnf must be updated with an absolute path, and other values should be set as in this example:
    openssl_conf = openssl_init
    .include /path/of/fipsmodule.cnf
    [openssl_init]
    providers = provider_sect
    alg_section = algorithm_sect
    [provider_sect]
    default = default_sect
    fips = fips_sect
    [default_sect]
    activate = 1
    [algorithm_sect]
    default_properties = "fips=yes"
- Set environment variable OPENSSL_CONF to the path of the OpenSSL configuration file. Set environment variable OPENSSL_MODULES to the path of fips.dll or fips.so, as above.
- Before VixDiskLib initialization, add vixDiskLib.ssl.enableSslFIPS=1 to the VDDK configuration file.
- With FIPS enabled, the VDDK information log will record “SSL is in FIPS mode” when VixDiskLibInitEx() is called.
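
A sanity check for the OpenSSL configuration step above, as an added example that is not VMware's or OpenSSL's code. It reads the file with a simplified parser (an assumption: it does not follow includes or expand variables) and reports where the file departs from the layout shown in the steps. The function names and sample strings are constructed for illustration.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

def parse_openssl_conf(text):
    """Simplified reader: ({section: {key: value}}, [.include paths])."""
    sections, includes, current = {"": {}}, [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if m := re.match(r"\.include(?:\s*=\s*|\s+)(.+)$", line):
            includes.append(m.group(1).strip())
        elif m := re.match(r"\[\s*(\w+)\s*\]$", line):
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip().strip('"')
    return sections, includes

def check_fips_conf(text):
    """Return a list of problems; empty means the layout matches the steps."""
    sections, includes = parse_openssl_conf(text)
    sect = lambda name: sections.get(name, {}) if name else {}
    problems = []
    fips_inc = [p for p in includes if p.replace("\\", "/").endswith("fipsmodule.cnf")]
    if not fips_inc:
        problems.append("no .include of fipsmodule.cnf")
    for p in fips_inc:
        if not (PurePosixPath(p).is_absolute() or PureWindowsPath(p).is_absolute()):
            problems.append(f".include path is not absolute: {p}")
    init = sect(sections[""].get("openssl_conf"))
    providers = sect(init.get("providers"))
    if "fips" not in providers:
        problems.append("fips provider is not listed in the providers section")
    if sect(providers.get("default")).get("activate") != "1":
        problems.append("default provider is not activated")
    props = sect(init.get("alg_section")).get("default_properties", "")
    if "fips=yes" not in props.replace(" ", ""):
        problems.append('default_properties does not contain "fips=yes"')
    return problems

# Constructed sample inputs: the page's example layout, and a broken variant.
GOOD_CONF = "\n".join([
    "openssl_conf = openssl_init", ".include /path/of/fipsmodule.cnf",
    "[openssl_init]", "providers = provider_sect", "alg_section = algorithm_sect",
    "[provider_sect]", "default = default_sect", "fips = fips_sect",
    "[default_sect]", "activate = 1",
    "[algorithm_sect]", 'default_properties = "fips=yes"'])
BAD_CONF = GOOD_CONF.replace("/path/of/", "").replace('"fips=yes"', '""')
print(check_fips_conf(BAD_CONF))
```

To check a real file, pass the contents of the file that OPENSSL_CONF points to into `check_fips_conf()`. A clean result only confirms the file layout, so the “SSL is in FIPS mode” log line remains the confirmation that VDDK actually entered FIPS mode.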