How to Enable FIPS on VDDK Proxy VM

OpenSSL 3.0 contains a module that conforms to Federal Information Processing Standards (FIPS), so the proxy VM must run VDDK 8.0.1 or later for OpenSSL 3.0 support.
To prepare a VDDK proxy VM to run FIPS, follow these steps:
  1. The location of the FIPS dynamic library differs by platform. To install on Windows or Linux, run one of these commands:
    openssl.exe fipsinstall -out \path\of\fipsmodule.cnf -module VDDKpackage\bin\fips.dll
    openssl fipsinstall -out /path/of/fipsmodule.cnf -module VDDKpackage/lib64/fips.so
  2. In the OpenSSL configuration file, the dot-include of fipsmodule.cnf must be updated with an absolute path, and other values should be set as in this example:
    openssl_conf = openssl_init
    .include /path/of/fipsmodule.cnf
    [openssl_init]
    providers = provider_sect
    alg_section = algorithm_sect
    [provider_sect]
    default = default_sect
    fips = fips_sect
    [default_sect]
    activate = 1
    [algorithm_sect]
    default_properties = "fips=yes"
  3. Set environment variable OPENSSL_CONF to the path of the OpenSSL configuration file. Set environment variable OPENSSL_MODULES to the path of fips.dll or fips.so, as above.
  4. Before VixDiskLib initialization, add vixDiskLib.ssl.enableSslFIPS=1 to the VDDK configuration file.
  5. With FIPS enabled, the VDDK information log will record “SSL is in FIPS mode” when VixDiskLibInitEx() is called.
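
A preflight check for steps 2 and 4, useful before relying on the log line in step 5. This is an added example, not VMware code: the function names are hypothetical, the sample inputs are constructed from the values shown above, and the parser is a simplified reader rather than the full OpenSSL configuration grammar.

```python
import ntpath
import posixpath

SAMPLE_OPENSSL_CONF = """# Constructed sample, copied from the step 2 example
openssl_conf = openssl_init
.include /path/of/fipsmodule.cnf
[openssl_init]
providers = provider_sect
alg_section = algorithm_sect
[provider_sect]
default = default_sect
fips = fips_sect
[default_sect]
activate = 1
[algorithm_sect]
default_properties = "fips=yes"
"""
SAMPLE_VDDK_CONF = "vixDiskLib.ssl.enableSslFIPS=1\n"  # constructed, from step 4

def parse_conf(text):
    """Simplified reader: 'key = value' lines, [sections], .include, # comments."""
    includes, sections, current = [], {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(".include"):
            includes.append(line[len(".include"):].lstrip(" \t=").strip())
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip().strip('"')
    return includes, sections

def check_fips_setup(openssl_conf_text, vddk_conf_text):
    """Return a list of problems; an empty list means steps 2 and 4 look complete."""
    problems = []
    includes, sections = parse_conf(openssl_conf_text)
    fips_inc = [p for p in includes if p.endswith("fipsmodule.cnf")]
    if not fips_inc or not all(posixpath.isabs(p) or ntpath.isabs(p) for p in fips_inc):
        problems.append("fipsmodule.cnf is not .include'd with an absolute path")
    init = sections.get(sections[""].get("openssl_conf"), {})
    if "fips" not in sections.get(init.get("providers"), {}):
        problems.append("fips provider missing from the providers section")
    if sections.get(init.get("alg_section"), {}).get("default_properties") != "fips=yes":
        problems.append('default_properties is not "fips=yes"')
    _, vddk = parse_conf(vddk_conf_text)
    if vddk[""].get("vixDiskLib.ssl.enableSslFIPS") != "1":
        problems.append("vixDiskLib.ssl.enableSslFIPS=1 not set in the VDDK configuration file")
    return problems
```

Pass the contents of the file named by OPENSSL_CONF and of the VDDK configuration file; any string in the returned list names the step that still needs attention.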