On Wed, Jan 25, 2012 at 06:35:58PM -0500, Steve Marquess wrote:
>
> A rough rule of thumb is that if you create a FIPS module
> (fipscanister.o) on a formally tested platform (O/S and processor as
> listed in the Security Policy), and if that binary file when copied
Does the Security Policy list
> Hi,
>
> Does the FIPS module certification is missed if the fipscanister
> module is compiled to a configuration (architecture, compiler version
> etc) different from those listed on OpenSSL security policy? Our
> concern is if a change to something on the build tools like compiler
> version or a
>>> Open crypto/modes/gcm128.c in text editor, locate line that
>>> has '/* check MMX bit */' comment and replace '1<<23' with '1<<25'.
>
> Changing crypto/modes/gcm128.c gets test to pass.
>
>> Another test to perform is following. Revert back to '1<<23', then open
>> crypto/modes/asm/ghash-x86.
> The latest snapshot that has this checkin, has a Perl syntax error on line
> 573
> of crypto/perlasm/x86_64-xlate.pl (missing ; on the line above)
>
> Using perl 5.8.4 on Solaris 10.
Ooops. Fixed. Thanks.
__
OpenSSL Project
On Jan 25, 2012, at 2:21 PM, Manish Yadav wrote:
> Hi Michael,
>
> thanks for quick response. i had one more question, is it possible to do
> decoupling of ssl object and socket fd to avoid rehandshake? (i am thinking
> to create socketfd only for active clients, if it is inactive for sometime
Hi,
Does the FIPS module certification is missed if the fipscanister module is
compiled to a configuration (architecture, compiler version etc) different
from those listed on OpenSSL security policy? Our concern is if a change to
something on the build tools like compiler version or architecture c
Hi Michael,
thanks for quick response. i had one more question, is it possible to do
decoupling of ssl object and socket fd to avoid rehandshake? (i am thinking
to create socketfd only for active clients, if it is inactive for sometime
then close the connection/socket and for inactive clients keep
On Jan 25, 2012, at 7:08 AM, Manish Yadav wrote:
> Hi all,
>
> could you please confirm if dtls timers are implemented at client side only
> and not on server side (only client retries/attempts to establish connection)
> or why they should be implemented on server side also.
You need timers on