> The part about the PRNG is in question? How did people pre-OpenSSL FIPs
get
> validated when they used OpenSSL? Did they have to modify the OpenSSL
code
> and add their own PRNG that would pass?
Are there any FIPS certified apps that use openssl?
If there are any, the short answer is that yes, they replaced the
non-compliant code with code and got that certified.
Depending on how the organization, if they already had a FIPS library,
they probably ripped out most of openssl and treated the TLS library as an
application that used their own crypto.
I'm just speculating, mind you.
/r$
--
SOA Appliance Group
IBM Application Integration Middleware
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
