By default, the non FIPS 140-capable OpenSSL implementation is active in Oracle Solaris. However, you can choose the security for your system and select implementation that you want.
$ pkg mediator -a openssl
Caution - The OpenSSL implementation to which you are switching must exist in the system. Otherwise, if you switch to an implementation that is not in the system, the system might become unusable. |
# pkg set-mediator [--be-name name] -I implementation openssl
where implementation is either default or fips-140 and name is a name for a new clone of the current boot environment. The clone will have the specified implementation active.
For more information about the pkg set-mediator command, see Changing the Preferred Application in Adding and Updating Software in Oracle Solaris 11.2 .
# pkg mediator openssl
This example changes a system's OpenSSL implementation to be FIPS 140 capable.
# pkg mediator -a openssl MEDIATOR VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION openssl vendor vendor default openssl system system fips-140 # pkg set-mediator --be-name BE2 -I fips-140 openssl # reboot # pkg mediator openssl MEDIATOR VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION openssl vendor vendor default