VMware vSphere SDKs and Tools 8.0

8.0 7.0 6.7 6.5

How to Enable FIPS on VDDK Proxy VM

Open SSL 3.0 contains a module that conforms to Federal Information Processing Standards (FIPS), so the proxy VM must run VDDK 8.0.1 or later for Open SSL 3.0 support.
To prepare a VDDK proxy VM to run FIPS, follow these steps:
  1. Location of the FIPS dynamic library differs. To install on Windows or Linux, run one of these commands:
    openssl.exe fipsinstall -out \path\of\fipsmodule.cnf -module VDDKpackage\bin\fips.dll
openssl fipsinstall -out /path/of/fipsmodule.cnf -module VDDKpackage/lib64/fips.so
  2. In the Open SSL configuration file, dot-include
    fipsmodule.cnf
     must be updated with an absolute path, and other values should be set as in this example:
    openssl_conf = openssl_init

    .include
     /path/of/fipsmodule.cnf
[openssl_init]
providers = provider_sect
alg_section = algorithm_sect
[provider_sect]
default = default_sect
fips = fips_sect
[default_sect]
activate = 1
[algorithm_sect]
default_properties = "fips=yes"
  3. Set environment variable
    OPENSSL_CONF
     to the path of the Open SSL configuration file. Set environment variable
    OPENSSL_MODULES
     to the path of
    fips.dll
     or
    fips.so
    , as above.
  4. Before VixDiskLib initialization, add
    vixDiskLib.ssl.enableSslFIPS=1
     to the VDDK configuration file.
  5. With FIPS enabled, the VDDK information log will record “SSL is in FIPS mode” when
    VixDiskLibInitEx()
     is called.

Content feedback and comments