Hi Steve...

Thanks so much for your reply and explanation... it is very helpful.

Have a great day...

Sincerely,
Beth E. Okun

________________________________
From: [EMAIL PROTECTED] on behalf of Steve Marquess
Sent: Sat 5/31/2008 9:07 AM
To: [email protected]
Subject: Re: openssl 0.9.8 with fips

Beth E. Okun wrote:
> Hi,
>
> I'm wondering about integrating fips into openssl-0.9.8g. We were
> previously using openssl-0.9.7m, and have noted that the fips1.0
> directory is absent in the 0.9.8g release, and also that the
> "./Configure" script does not contain any of the fips functionality.
>
> I did note in some of the documentation that there is an
> openssl-0.9.8 fips build, I'm wondering if this is currently
> validated? Also, is this a build that anyone can download?
>
> Thank you so much for your time.
>
> Sincerely,
>
> Beth E. Okun

You must have just missed the post from Steve Henson:

> The version currently under test is essentially:
>
> ftp://ftp.openssl.org/snapshot/openssl-fips-test-1.2.0.tar.gz
>
> Though there are no guarantees it won't change before validation is
> finalised.
>
> The snapshots such as:
>
> ftp://ftp.openssl.org/snapshot/openssl-0.9.8-stable-SNAP-20080526.tar.gz
>
> are based on more recent versions of OpenSSL 0.9.8. They can be
> linked against the 1.2 module (when available) in a similar way to
> 0.9.7 and the 1.1.2 module.

Note that the OpenSSL FIPS Object Module (the special validated code) is
*not* contained in each and every version of standard OpenSSL. It can't
be, because a key aspect of the FIPS 140-2 voodoo is that validated
software cannot change at all, and of course the regular OpenSSL
releases do change.

The FIPS Object Module also has but a small subset of the functionality
of regular OpenSSL. It is a separate and distinct, and very specialized,
entity.

Because the FIPS Object Module has limited functionality, few will want
to use it directly. Instead it is designed to be used in conjunction
with certain "FIPS capable" versions of the full OpenSSL product. The
FIPS Object Module provides the validated low level cryptography while
the FIPS capable OpenSSL provides the familiar OpenSSL API, internally
redirecting as appropriate to the FIPS Object Module.

So you want the validated FIPS Object Module v.1.2, which won't be
available for a month (or two, or three...) and a FIPS capable 0.9.8
OpenSSL. There is (will be) only one version of the former, while the
"FIPS capable" support will be carried forward in future 0.9.8 releases.

-Steve M.

--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
