diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc index 3eeea86..2a6923c 100644 --- a/libqpdf/QPDF.cc +++ b/libqpdf/QPDF.cc @@ -11,6 +11,10 @@ #include #include +#ifdef USE_CRYPTO_GNUTLS +# include +#endif + #include #include #include @@ -262,7 +266,13 @@ QPDF::processFile(char const* filename, char const* password) { FileInputSource* fi = new FileInputSource(); fi->setFilename(filename); +#ifdef USE_CRYPTO_GNUTLS + GNUTLS_FIPS140_SET_LAX_MODE(); +#endif processInputSource(fi, password); +#ifdef USE_CRYPTO_GNUTLS + GNUTLS_FIPS140_SET_STRICT_MODE(); +#endif } void @@ -271,7 +281,13 @@ QPDF::processFile(char const* description, FILE* filep, { FileInputSource* fi = new FileInputSource(); fi->setFile(description, filep, close_file); +#ifdef USE_CRYPTO_GNUTLS + GNUTLS_FIPS140_SET_LAX_MODE(); +#endif processInputSource(fi, password); +#ifdef USE_CRYPTO_GNUTLS + GNUTLS_FIPS140_SET_STRICT_MODE(); +#endif } void diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc index 689fef7..57df1eb 100644 --- a/libqpdf/QPDFWriter.cc +++ b/libqpdf/QPDFWriter.cc @@ -24,6 +24,10 @@ #include #include +#ifdef USE_CRYPTO_GNUTLS +#include +#endif + QPDFWriter::Members::Members(QPDF& pdf) : pdf(pdf), filename("unspecified"), @@ -321,6 +325,13 @@ void QPDFWriter::setDeterministicID(bool val) { this->m->deterministic_id = val; + +#ifdef USE_CRYPTO_GNUTLS + if (val) + GNUTLS_FIPS140_SET_LAX_MODE(); + else + GNUTLS_FIPS140_SET_STRICT_MODE(); +#endif } void @@ -342,6 +353,13 @@ void QPDFWriter::setPreserveEncryption(bool val) { this->m->preserve_encryption = val; + +#ifdef USE_CRYPTO_GNUTLS + if (val) + GNUTLS_FIPS140_SET_STRICT_MODE(); + else + GNUTLS_FIPS140_SET_LAX_MODE(); +#endif } void 
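Review bot: In both `QPDF::processFile` overloads the `GNUTLS_FIPS140_SET_STRICT_MODE()` call after `processInputSource(fi, password)` is skipped when `processInputSource` throws, so a file that fails to parse can leave the calling thread in lax FIPS mode for everything it does afterwards. The restore also forces strict mode rather than putting back whatever mode the thread had before the call. The explicit save/restore pairs added in `QPDFWriter::generateID`, `QPDF::compute_data_key`, `QPDF::decryptString` and `QPDF::decryptStream` do restore the saved mode, but have the same exception gap. A scope guard that records the mode in its constructor and restores it in its destructor would cover all of these sites; a sketch follows.

```cpp
#ifdef USE_CRYPTO_GNUTLS
// Relaxes the calling thread's FIPS 140 mode for one scope and puts the
// previous mode back on every exit path, including exceptions.
class ScopedFipsLaxMode
{
  public:
    ScopedFipsLaxMode() :
        oldmode(gnutls_fips140_mode_enabled())
    {
        gnutls_fips140_set_mode(
            GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
    }
    ~ScopedFipsLaxMode()
    {
        gnutls_fips140_set_mode(
            static_cast<gnutls_fips_mode_t>(oldmode),
            GNUTLS_FIPS140_SET_MODE_THREAD);
    }
    ScopedFipsLaxMode(ScopedFipsLaxMode const&) = delete;
    ScopedFipsLaxMode& operator=(ScopedFipsLaxMode const&) = delete;

  private:
    unsigned oldmode;
};
#endif

// ... unchanged: FileInputSource setup in QPDF::processFile ...
#ifdef USE_CRYPTO_GNUTLS
    ScopedFipsLaxMode fips_lax;
#endif
    processInputSource(fi, password);
```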
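Review bot: `QPDFWriter::setDeterministicID` and `QPDFWriter::setPreserveEncryption` now change the FIPS mode as a lasting side effect of setting a flag, and the two setters pull in opposite directions, so the final mode depends on call order: `setDeterministicID(true)` followed by `setPreserveEncryption(true)` ends in strict, the reverse order ends in lax. Neither setter puts the earlier mode back. Assuming the macros are thread-scoped like the explicit calls elsewhere in this patch, the mode also applies to the thread that called the setter, which need not be the thread that later writes the file, and any unrelated GnuTLS use on that thread inherits the lax setting. I would keep the setters to the assignments (`this->m->deterministic_id = val;`, `this->m->preserve_encryption = val;`) and relax the mode only around the digest or cipher call that needs it, as the `generateID` hunk already does.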
@@ -2301,12 +2319,23 @@ QPDFWriter::generateID() } } +#ifdef USE_CRYPTO_GNUTLS + unsigned oldmode = gnutls_fips140_mode_enabled(); + + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); +#endif + MD5 m; m.encodeString(seed.c_str()); MD5::Digest digest; m.digest(digest); result = std::string(reinterpret_cast(digest), sizeof(MD5::Digest)); + +#ifdef USE_CRYPTO_GNUTLS + gnutls_fips140_set_mode(static_cast(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD); +#endif + } // If /ID already exists, follow the spec: use the original first diff --git a/libqpdf/QPDF_encryption.cc b/libqpdf/QPDF_encryption.cc index 2ff48df..ce6fb31 100644 --- a/libqpdf/QPDF_encryption.cc +++ b/libqpdf/QPDF_encryption.cc @@ -1,6 +1,8 @@ // This file implements methods from the QPDF class that involve // encryption. +#include + #include #include @@ -18,6 +20,10 @@ #include #include +#ifdef USE_CRYPTO_GNUTLS +# include +#endif + static unsigned char const padding_string[] = { 0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41, 0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08, @@ -380,10 +386,21 @@ QPDF::compute_data_key(std::string const& encryption_key, result += "sAlT"; } +#ifdef USE_CRYPTO_GNUTLS + unsigned oldmode = gnutls_fips140_mode_enabled(); + + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); +#endif + MD5 md5; md5.encodeDataIncrementally(result.c_str(), result.length()); MD5::Digest digest; md5.digest(digest); + +#ifdef USE_CRYPTO_GNUTLS + gnutls_fips140_set_mode(static_cast(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD); +#endif + return std::string(reinterpret_cast(digest), std::min(result.length(), toS(16))); } @@ -1150,6 +1167,12 @@ QPDF::getKeyForObject( void QPDF::decryptString(std::string& str, int objid, int generation) { +#ifdef USE_CRYPTO_GNUTLS + unsigned oldmode = gnutls_fips140_mode_enabled(); + + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); +#endif + if (objid == 0) { return; 
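Review bot: The lax-mode window around the MD5 calls in `QPDFWriter::generateID` carries no comment saying why a digest that FIPS mode does not approve is acceptable at this point, and the same is true of the block added in `QPDF::compute_data_key`. Someone auditing FIPS exemptions needs that rationale next to the switch; a line such as `// MD5 is required by the PDF format here; relax FIPS mode for this digest only and restore it afterwards.` above each block would do, adjusted if the real justification differs. Both function bodies start outside their hunks.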
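Review bot: In `QPDF::decryptString` the mode is switched to lax before the `if (objid == 0) { return; }` guard, so that early return leaves the thread in lax mode with nothing to restore it. Move the added `#ifdef USE_CRYPTO_GNUTLS` block below the guard, or use a scope guard so that every exit path restores `oldmode`. The rest of the function, including any other returns, is outside this hunk.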
@@ -1230,6 +1253,10 @@ QPDF::decryptString(std::string& str, int objid, int generation) QUtil::int_to_string(objid) + " " + QUtil::int_to_string(generation) + ": " + e.what()); } + +#ifdef USE_CRYPTO_GNUTLS + gnutls_fips140_set_mode(static_cast(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD); +#endif } void @@ -1240,6 +1267,12 @@ QPDF::decryptStream(PointerHolder encp, QPDFObjectHandle& stream_dict, std::vector >& heap) { +#ifdef USE_CRYPTO_GNUTLS + unsigned oldmode = gnutls_fips140_mode_enabled(); + + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); +#endif + std::string type; if (stream_dict.getKey("/Type").isName()) { @@ -1361,6 +1394,10 @@ QPDF::decryptStream(PointerHolder encp, toI(key.length())); } heap.push_back(pipeline); + +#ifdef USE_CRYPTO_GNUTLS + gnutls_fips140_set_mode(static_cast(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD); +#endif } void
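Review bot: In `QPDF::decryptStream` the previous mode is restored immediately after `heap.push_back(pipeline)`, so the lax window covers only the construction of the decryption pipeline. If the pipeline does its cipher or digest work later, when stream data is pushed through it, that work runs under the caller's mode and may still be rejected in strict FIPS mode; this is worth confirming with a test on a FIPS-enabled host. The body between the entry and exit hunks is not shown, so any `return` in it would skip the restore, as would an exception. Once the intended scope is confirmed, a comment such as `// Covers key setup only; stream data is processed after this function returns.` would record it.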