# FIPS mode



## np1 (May 18, 2021)

Hi,
I need to build/use a FIPS-compliant version of FreeBSD and I don't need VPN stuff.
Is it possible?
Thanks


----------



## decuser (May 19, 2021)

Sure. There’s no magic enable-fips button. Just use FIPS approved crypto for your storage and communications. You may be used to Windows’s enable FIPS setting which does practically nothing other than prevent you from using more modern algorithms(as well as other unapproved algs) for those services it monitors.


----------



## np1 (May 20, 2021)

Is it possible to build OpenSSL contained in base in fips-mode?


----------



## T-Daemon (May 20, 2021)

np1 said:


> Is it possible to build OpenSSL contained in base in fips-mode?



If the case is a FIPS 140-2 validated module then no: https://github.com/freebsd/freebsd-src/blob/main/crypto/openssl/README.FIPS


----------



## gessel (Oct 8, 2022)

security/openssl-devel was certified to FIPS 140-2 on 2022-08-23; certificate #4282.

The FIPS module option defaults to on.  Note the port hasn't been updated yet (2022-10-08) to reflect the certificate issuance.  
FIPS 140-3 will be required before 2026, the project indicates that should be part of version 3.1 and may be certified sometime in 2024 (the certification process timeline is non-deterministic).


----------

