OpenSSL 3.0 includes a module that conforms to Federal Information Processing Standards (FIPS), so the proxy VM must run VDDK 8.0.1 or later for OpenSSL 3.0 support.

To prepare a VDDK proxy VM to run FIPS, follow these steps:

  1. The location of the FIPS dynamic library differs between Windows and Linux. To install the FIPS module, run the command for your platform:
    openssl.exe fipsinstall -out \path\of\fipsmodule.cnf -module VDDKpackage\bin\fips.dll
    openssl fipsinstall -out /path/of/fipsmodule.cnf -module VDDKpackage/lib64/fips.so
  2. In the OpenSSL configuration file, update the .include line for fipsmodule.cnf to use an absolute path, and set the other values as in this example:
    openssl_conf = openssl_init
    .include /path/of/fipsmodule.cnf
    [openssl_init]
    providers = provider_sect
    alg_section = algorithm_sect
    [provider_sect]
    default = default_sect
    fips = fips_sect
    [default_sect]
    activate = 1
    [algorithm_sect]
    default_properties = "fips=yes"
  3. Set the environment variable OPENSSL_CONF to the path of the OpenSSL configuration file. Set the environment variable OPENSSL_MODULES to the path of fips.dll or fips.so, as above.
  4. Before VixDiskLib initialization, add vixDiskLib.ssl.enableSslFIPS=1 to the VDDK configuration file.
  5. With FIPS enabled, the VDDK information log will record “SSL is in FIPS mode” when VixDiskLibInitEx() is called.
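
A preflight check for steps 2 to 4 on a Linux proxy VM, added here as an example and not part of the VDDK documentation or package. The names `check_vddk_fips`, `write_sample` and `vddk.conf` are assumptions, the scratch files are constructed samples, and the `[fips_sect]` test relies on the section name that the sample configuration above references.

```shell
#!/bin/sh
# Added example. $1 = VDDK configuration file; OPENSSL_CONF and OPENSSL_MODULES
# come from the environment. Returns the number of failed checks (0 = ready).
check_vddk_fips() {
    fails=0; conf=${OPENSSL_CONF:-}
    [ -f "$conf" ] || { echo "FAIL: OPENSSL_CONF unset or not a file"; return 1; }
    # Step 2: .include must be absolute, and the sample's "fips = fips_sect"
    # must resolve to a section inside the included file.
    inc=$(sed -n 's/^[[:space:]]*\.include[[:space:]]*=\{0,1\}[[:space:]]*//p' "$conf" | head -n 1)
    case $inc in
        /*) grep -q '^\[fips_sect]' "$inc" 2>/dev/null ||
                { echo "FAIL: no [fips_sect] in $inc"; fails=$((fails + 1)); } ;;
        *)  echo "FAIL: .include missing or not absolute: '$inc'"; fails=$((fails + 1)) ;;
    esac
    # Step 2: algorithm fetches restricted to FIPS implementations.
    grep -Eq '^[[:space:]]*default_properties[[:space:]]*=.*fips=yes' "$conf" ||
        { echo "FAIL: default_properties lacks fips=yes"; fails=$((fails + 1)); }
    # Step 3: provider module location.
    [ -n "${OPENSSL_MODULES:-}" ] ||
        { echo "FAIL: OPENSSL_MODULES unset"; fails=$((fails + 1)); }
    # Step 4: VDDK switch.
    grep -Eq '^[[:space:]]*vixDiskLib\.ssl\.enableSslFIPS[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1" 2>/dev/null ||
        { echo "FAIL: vixDiskLib.ssl.enableSslFIPS=1 not in $1"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: the page's configuration written into directory $1.
write_sample() {
    printf '[fips_sect]\nactivate = 1\n' > "$1/fipsmodule.cnf"
    cat > "$1/openssl.cnf" <<EOF
openssl_conf = openssl_init
.include $1/fipsmodule.cnf
[openssl_init]
providers = provider_sect
alg_section = algorithm_sect
[provider_sect]
default = default_sect
fips = fips_sect
[default_sect]
activate = 1
[algorithm_sect]
default_properties = "fips=yes"
EOF
    echo 'vixDiskLib.ssl.enableSslFIPS=1' > "$1/vddk.conf"
}

d=$(mktemp -d) && write_sample "$d"
( export OPENSSL_CONF="$d/openssl.cnf" OPENSSL_MODULES="$d"
  check_vddk_fips "$d/vddk.conf" ) && echo "ready"
```

The check is static: the “SSL is in FIPS mode” log entry from step 5 remains the confirmation that FIPS mode is actually active.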