man 5 fips_config

FIPS_CONFIG(5ossl)                  OpenSSL                 FIPS_CONFIG(5ossl)

NAME
       fips_config - OpenSSL FIPS configuration

DESCRIPTION
       This command is disabled in Red Hat Enterprise Linux. The FIPS provider
       is automatically loaded when the system is booted in FIPS mode, or when
       the environment variable OPENSSL_FORCE_FIPS_MODE is set. See the
       documentation for more information.

HISTORY
       This functionality was added in OpenSSL 3.0.

       Red Hat Enterprise Linux uses a supplementary config for FIPS module
       located in OpenSSL configuration directory and managed by crypto
       policies. If present, it should have format

        [fips_sect]
        tls1-prf-ems-check = 0
        activate = 1

       The tls1-prf-ems-check option specifies whether FIPS module will
       require the presence of extended master secret or not.

       The activate option enforces FIPS provider activation.

COPYRIGHT
       Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.

3.2.2                             2025-01-29                FIPS_CONFIG(5ossl)