No mention of whether or not this will apply to EVERYTHING in a program, or will it be left to administrative guidance. Your thoughts, for example, on a “FIPS mode” flag for SSL or SSL_CTX? At a minimum, that needs to be listed as a stakeholder requirement (from Akamai).
From: "t...@openssl.org" <t...@openssl.org> Reply-To: "openssl-project@openssl.org" <openssl-project@openssl.org> Date: Wednesday, March 14, 2018 at 5:33 AM To: "openssl-project@openssl.org" <openssl-project@openssl.org> Subject: [openssl-project] OpenSSL FIPS Wiki Update https://wiki.openssl.org/index.php/FIPS_module_3.0<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.openssl.org_index.php_FIPS-5Fmodule-5F3.0&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=_eDCHauz0_yvlroQYx4dezKXLU9Lc1eYfZlzseS6Mvw&s=4ntdPoDarQosCoGaVQMCiq9PGQ0oktGO7IgRZr7ntf0&e=> I've edited that to be closer to the list of items we are discussing and to remove things which looked like commitments that are out of scope of our current plans. As always, feedback is welcome - but we have had a few people referencing that out of date information so I fixed at least that issue (hopefully). Tim.
_______________________________________________ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
