On 02/07/2014 12:47 PM, Trebilcock, Richard wrote: > Hi, > > I am an ILS Engineer working for CGI IT UK Limited. At the present > time I am looking at software obsolescence issues that relate to the > CGI project I am working on. On this project we use OpenSSL FIPS 1.2 > and FIPS 1.2.4. > > In order to support our process of monitoring software obsolescence I > would be grateful if you could provide me with the following > information with respect to OpenSSL FIPS 1.2 and FIPS 1.2.4: 1. End > of Product Support date 2. Superseding Product if support for PDFtk > 1.12 or FIPS 1.2.4 is no longer available. > > Your assistance with this matter is most appreciated. > > Regards, > > Richard
Richard, this query would be more appropriate for the openssl-users list. PDFtk: no idea, that is product quite separate and distinct from OpenSSL. I didn't know it had any support for FIPS 140-2. "OpenSSL FIPS 1.2" and "FIPS 1.2.4" are both the OpenSSL FIPS Object Module v1.2, validation certificate #1051. The latest revision of that module is 1.2.4. That module, including all revisions, remains validated (though as with all validated modules it is now subject to the new SP800-131A and FIPS 186-4 restrictions effective Jan 1 2014). However, the 1.2 FIPS module is only usable with OpenSSL 0.9.8 releases. OpenSSL 0.9.8 is still supported as a sustainment release, meaning vulnerability bugfixes, but is effectively obsolete for many purposes. For instance, it does not support TLS 1.2. The OpenSSL FIPS Object Module 2.0, validation certificate #1747, should be used for any new development and careful consideration should be given to upgrading any FIPS 1.2/OpenSSL 0.9.8 based products to FIPS 2.0/OpenSSL 1.0.1. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org