Adkins, Allan (Cont, ARL/CISD) wrote:
New fips compliance version based on 0.9.8k or later? (UNCLASSIFIED)
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> Will there be a fips version that addresses recent vulnerabilities
> soon?

No, because there are no known vulnerabilities in the "OpenSSL FIPS
Object Module v.1.2" which is *not* repeat *not* the same thing as
"OpenSSL".

The former is a specific special purpose library implementing low level
algorithms and validated to FIPS 140-2 level 1. It is designed to be
used in conjunction with recent ("FIPS compatible") versions of OpenSSL,
so as to leverage the advantages of the high level API of the latter,
but it is a separate and distinct product. See the User Guide
(http://www.openssl.org/docs/fips/UserGuide-1.2.pdf) for more details.
-Steve M.
--
Steve Marquess
Veridical Systems, Inc.
marqu...@veridicalsystems.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org