On Fri Mar 13 21:00:30 2015, [email protected] wrote: > Thank you Stephen, > > Since the product is already build on > openssl.0.9.8.r, and if we upgrade it to openssl0.1.1l then there > could be lot of change in terms of API what our product use.
Well if you'd used any OpenSSL 0.9.8 using ./config fipscanisterbuild then the result would not be FIPS compliant as you weren't using the validated FIPS module. In outline you need to download the FIPS module appropriate for your version of OpenSSL. For 0.9.8 the latest is 1.2.4 you can get it from: https://www.openssl.org/source/old/fips/openssl-fips-1.2.4.tar.gz Extract the tarball. Build and install using: ./config fipscanisterbuild make make install Download OpenSSL 0.9.8 latest tarball currently: https://www.openssl.org/source/openssl-0.9.8ze.tar.gz and extract it. Then do: ./config fips make Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
