1*e0c4386eSCy Schubertopenssl_conf = openssl_init 2*e0c4386eSCy Schubert 3*e0c4386eSCy Schubert# Comment out the next line to ignore configuration errors 4*e0c4386eSCy Schubertconfig_diagnostics = 1 5*e0c4386eSCy Schubert 6*e0c4386eSCy Schubert.include fipsmodule.cnf 7*e0c4386eSCy Schubert 8*e0c4386eSCy Schubert[openssl_init] 9*e0c4386eSCy Schubertproviders = provider_sect 10*e0c4386eSCy Schubertalg_section = evp_properties 11*e0c4386eSCy Schubert 12*e0c4386eSCy Schubert[evp_properties] 13*e0c4386eSCy Schubert# Ensure FIPS non-approved algorithms in the FIPS module are suppressed (e.g. 14*e0c4386eSCy Schubert# TEST-RAND). This also means that EVP_default_properties_is_fips_enabled() 15*e0c4386eSCy Schubert# returns the expected value 16*e0c4386eSCy Schubertdefault_properties = "fips=yes" 17*e0c4386eSCy Schubert 18*e0c4386eSCy Schubert[provider_sect] 19*e0c4386eSCy Schubertfips = fips_sect 20