Is it possible to turn on FIPS mode with WinSSL/Schannel only for running process instead of the whole machine (through policy)?
I don't know about WinSSL because I have never used the library. In this case, I would guess that it's a YES.
For the Windows platform and Schannel, the answer is NO. It's either all or nothing.
The setting is controlled via HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy (Windows XP and Server 2003) or HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled (Vista and Server 2008). See "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting effects in Windows XP and in later versions of Windows.
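To see which state a given machine is in, the following added example (not part of the original answer) reads both registry locations named above and reports the machine-wide setting. The function name `Get-FipsPolicyState`, the helper `Read-RegValue` and the `-LsaKey` parameter are hypothetical names chosen for this sketch.

```powershell
# Added example: report the machine-wide FIPS policy from the two registry
# locations the answer names. Function and parameter names are hypothetical.
function Get-FipsPolicyState {
    [CmdletBinding()]
    param(
        # Parent key from the answer; overridable to point at an exported copy.
        [string]$LsaKey = 'HKLM:\System\CurrentControlSet\Control\Lsa'
    )

    # Read one named value; return $null when the key or the value is absent.
    function Read-RegValue([string]$Key, [string]$Name) {
        if (-not (Test-Path -LiteralPath $Key)) { return $null }
        $props = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
        if ($null -eq $props) { return $null }
        $p = $props.PSObject.Properties[$Name]
        if ($null -eq $p) { return $null }
        return $p.Value
    }

    # Vista / Server 2008 layout: subkey FIPSAlgorithmPolicy, value "Enabled".
    $source = 'FIPSAlgorithmPolicy\Enabled'
    $raw = Read-RegValue (Join-Path $LsaKey 'FIPSAlgorithmPolicy') 'Enabled'

    # Windows XP / Server 2003 layout: value "FIPSAlgorithmPolicy" under Lsa.
    if ($null -eq $raw) {
        $source = 'Lsa\FIPSAlgorithmPolicy'
        $raw = Read-RegValue $LsaKey 'FIPSAlgorithmPolicy'
    }
    if ($null -eq $raw) { $source = 'not set' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Source   = $source
        RawValue = $raw
        # DWORD 1 is read as "policy on"; absent or 0 is read as off.
        FipsMode = [bool]($raw -eq 1)
    }
}

Get-FipsPolicyState
```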