Hi Matt, One more doubt.
Please let me know if I compiled my openssl 0.9.8za without -no-ec option and I am not using this alogorithm in any of my application then shall I can say my application is fips complaint? Thanks, Gayathri On Wed, Aug 6, 2014 at 7:22 PM, Gayathri Manoj <gayathri.an...@gmail.com> wrote: > Hi, > > Thanks for your update. > We tried to compile without -no-ec . but its got failed. > > Thanks, > Gayathri > > > On Wed, Aug 6, 2014 at 7:16 PM, Matt Caswell <m...@openssl.org> wrote: > >> On 6 August 2014 14:35, Gayathri Manoj <gayathri.an...@gmail.com> wrote: >> > Hi Matt, >> > >> > Is there any solution to compile openssl-0.9.8za without -no-ec option. >> Or >> > do we have any patch available to fix the fips breakage issue. >> > Known issues in OpenSSL 0.9.8za: >> > >> > FIPS capable link failure with missing symbol BN_consttime_swap. Fixed >> in >> > 0.9.8zb-dev. Workaround is to compile with no-ec: the EC algorithms are >> not >> > FIPS approved in OpenSSL 0.9.8 anyway. >> > >> >> 0.9.8zb is being released later today. So probably your best bet is to >> wait for that. >> >> Although this does beg the question why you need a FIPS build if >> you're going to be using non FIPS approved algorithms anyway? >> >> Matt >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org >> > >
