Greetings,
While a patch was issued, you cannot apply it and maintain FIPS
certification. Re-read that sentence. Perhaps your management doesn't
understand this. There is NO APPROVED patch that keeps OpenSSL's FIPS
certification. Sorry.
L.
[EMAIL PROTECTED] wrote:
I am tasked with identifying which systems in our network required this
patch. I have a tool that can search files for particular data. Is there
a value in a file on vulnerable systems that can positively identify which
systems need the patch?
Jaime Castells, CISSP
--
"NOTICE: The information contained in this electronic mail transmission is
intended by Convergys Corporation for the use of the named individual or
entity to which it is directed and may contain information that is
privileged or otherwise confidential. If you have received this electronic
mail transmission in error, please delete it from your system without
copying or forwarding it, and notify the sender of the error by reply email
or by telephone (collect), so that the sender's address records can be
corrected."
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
--
Leonard F. Elia III, CISSP 757.864.5009
Sr. System Administrator
ConITS - NASA Langley Research Center
NCI Information Systems, Inc., Hampton VA
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]