On 10/31/2015 08:26 AM, Alessandro Ghedini via RT wrote: > Hi, > > I don't know what your intentions are with FIPS support in master, ...
We would like to continue to provide a FIPS validated module for the 1.1 (and subsequent) releases. Unfortunately the current module ("OpenSSL FIPS Object Module 2.0") designed for compatibility with the 1.0 releases won't be compatible with 1.1. That means we need to obtain a new validation for a new module, an endeavor fraught with many difficulties (none of them technical). I do expect the stars will align for that eventually, as they have for the five previous open source based validations. In the interim, since the FIPS module is shaped almost entirely by policy and metaphysical considerations, we should not include any incomplete FIPS specific code in 1.1 -- code that even if complete in some speculative sense would also be unusable absent a matching FIPS 140-2 validation. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev