It only took nine months, but we finally have a revision of the OpenSSL FIPS Object Module v2.0 (validation certificate #1747) that supports all formally tested platforms and omits Dual EC DRBG entirely.
The earlier revision 2.0.6 also removed Dual EC DRBG, but was superseded only three days later by revision 2.0.7 which added new platforms and reinstated Dual EC DRBG. That happened because approval of the 2.0.6 revision was stuck in bureaucratic limbo for months, with final approval uncertain, during which time we had to proceed with testing new platforms on a code base that still included the Dual EC DRB implementation. As it happens 2.0.6 and the much newer revision supporting those new platforms, 2.0.7, were approved at almost the same time. 2.0.8 is now the preferred revision for all platforms for any new development. There is no need to upgrade any currently fielded revisions unless you feel removal of Dual EC DRBG warrants such an upgrade. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org