Check FIPS mode using POLMAN

You can use the policy manager utility, POLMAN, to evaluate the FIPS mode policy to understand the requirements and adhere to them. To run this utility, you must be in a Proenv command prompt window, which sets the necessary environment variable.

Evaluate FIPS mode policy:
polman get -policy urn:esam:fips140:can-run-without

Response when FIPS mode is enabled: 

OpenEdge FIPS mode is enabled

Response when FIPS mode is disabled: 

OpenEdge FIPS mode is disabled

For more information on the policy manager, see POLMAN.

Check FIPS mode using FIPS-MODE attribute

Developers can check FIPS mode programmatically using SECURITY-POLICY:FIPS-MODE. The AVM sets the read-only SECURITY-POLICY:FIPS-MODE attribute to TRUE when FIPS mode is enabled, FALSE when FIPS mode is disable. For more information, see FIPS-MODE attribute.

List providers

Providers identify the cryptographic modules that supply implementations of algorithms—such as ciphers, digests, key exchange, and random number generation. Use sslc to list the providers. 
sslc list -providers
Output when FIPS mode is enabled:
Providers:
  base
    name: OpenSSL Base Provider
    version: 3.5.2
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.1.2
    status: active

Use the following sslc commands to list available algorithms:

  • Display cipher algorithms:
    sslc list -cipher-algorithms
  • Display the list of digest algorithms:
    sslc list -digest-algorithms
  • Display the list of cipher algorithms:
    sslc list -mac-algorithms