Thanks for the information, Bill.
As best I could tell it looks like the OpenSSL folk have not gotten
around to bringing the fips mode forward into 0.9.8 yet either...
--
Jess Holle
William A. Rowe, Jr. wrote:
Plenty. First, OpenSSL is -not- FIPS certified. It's in
the certification
Thanks for the info.
,
Josh.
-Original Message-
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 11, 2005 6:44 PM
To: dev@httpd.apache.org
Cc: dev@httpd.apache.org
Subject: Re: Apache2 FIPS Certified?
Plenty. First, OpenSSL is -not- FIPS certified
At 08:12 AM 8/12/2005, Jess Holle wrote:
Thanks for the information, Bill.
As best I could tell it looks like the OpenSSL folk have not gotten around to
bringing the fips mode forward into 0.9.8 yet either...
That's not as likely to happen on any particular schedule, and
would be a pointless
Plenty. First, OpenSSL is -not- FIPS certified. It's in
the certification under test (CUT) phase, and no word of
exactly what will come of that phase. Second, you would
have to enable OpenSSL's fips-only mode, and stop using
all prohibited entropy, hashing and crypto.
The http project has a