[CentOS] OpenSSL and OpenSSH on CentOS (FIPS enabled)

Fri Oct 23 04:12:34 UTC 2015
Ning Liu (niliu2) <niliu2 at cisco.com>

Hi experts,

Currently I am doing a FIPS gap analysis for our product. Can someone help and have a look at my questions?

Our product is a server running under CentOS 6.x, and according to the upstream (Red Hat) documentation, CentOS can be configured for FIPS mode:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html

And according to the CentOS forum, if we enable FIPS mode on CentOS, then OpenSSL will also be in FIPS mode:
https://www.centos.org/forums/viewtopic.php?t=9078

Questions:

(1) Is that true for OpenSSL?

(2) How about OpenSSH? We are using SSH for administration, but there is not much documentation mentioning OpenSSH vs. FIPS. But it looks like Red Hat already takes care of OpenSSH:
https://www.redhat.com/en/about/press-releases/red-hat-completes-fips-1402-certifications
Can I assume that OpenSSH is in FIPS mode when CentOS is in FIPS mode?


Regards,
Ning Liu