On Thu, Dec 23, 2010 at 3:35 PM, <aerow...@gmail.com> wrote: > Export the environment variable OPENSSL_FIPS=1, and then try openssl md5? > I am aware of two companies which are (were?) claiming a FIPS validated module via OpenSSL sources, but not building the canister. For completeness, the companies may have fixed the issues with their internal build and compliance processes.
I believe something stronger is needed to audit vendor provided binaries. Jeff > > On Tue, Dec 21, 2010 at 1:04 PM, Zamora, Robert <robert.zam...@serco-na.com> > wrote: >> >> Is there a way to determine if OpenSSL binaries were compiled with the >> FIPS "certified" module v1.2.x ? Compiling OpenSSL FIPS test module gives >> me the same results using fips_test_suite. >> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
