OpenSSL 3.0 FIPS 140-2 Validation Certificate Issued

2022-08-24 Thread Matt Caswell
Please read the blog post about this here: https://www.openssl.org/blog/blog/2022/08/24/FIPS-validation-certificate-issued/ Matt

Re: TLS KDF and SSH KDF in openssl 1.0.2 (FIPS 140-3)

2022-03-17 Thread Dr Paul Dale
Good luck, the 2.0.16 FOM is nowhere near being 140-3 ready. The Oracle version is much closer but still not quite there: https://github.com/oracle/solaris-openssl-fips Pauli On 17/3/22 19:19, Dhananjay kumar wrote: Hi All, We are looking to go through FIPS 140-3 certification for one

TLS KDF and SSH KDF in openssl 1.0.2 (FIPS 140-3)

2022-03-17 Thread Dhananjay kumar
Hi All, We are looking to go through FIPS 140-3 certification for one of our products which still runs on openssl 1.0.2 (fips object module 2.0.16) version due to some software dependencies. In FIPS 140-3, we are asked to explicitly implement KATs (known answer tests) for below algorithms since

Re: FIPS POST induced failure in OpenSSL3.0.0 for FIPS 140-2 compliance

2021-10-29 Thread Matt Caswell
On 29/10/2021 16:40, Cristian Andrei Sandu wrote: Hi all, I’m currently updating an application from OpenSSL 1.0.2d to OpenSSL 3.0.0 in preparation for a FIPS 140-2 submission and I’m not sure how to approach the issue of induced failures for the power on self tests. In OpenSSL 1.0.2d we

FIPS POST induced failure in OpenSSL3.0.0 for FIPS 140-2 compliance

2021-10-29 Thread Cristian Andrei Sandu
Hi all, I'm currently updating an application from OpenSSL 1.0.2d to OpenSSL 3.0.0 in preparation for a FIPS 140-2 submission and I'm not sure how to approach the issue of induced failures for the power on self tests. In OpenSSL 1.0.2d we used to use FIPS_post_set_callback() for this purpose

Re: fips 140-2 module conditions and compilation target app

2021-10-04 Thread Dr Paul Dale
I think you've got the gist of the restriction. You cannot make any changes to the source code, build files or the commands you use to build the FOM. None are acceptable if you want a FIPS validated outcome. I.e. you will lose the FIPS 140-2 validation state if you change anything. Pauli

fips 140-2 module conditions and compilation target app

2021-10-04 Thread Artem Goussev
;note that as a condition of the FIPS 140-2 validation no other user specified configuration options may be specified."* Does it mean that I can't make any changes in the build configuration files? For example, can I change some compilation flags(CFLAGS) or change the list of linked libraries in makefile

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-08 Thread Salz, Rich via openssl-users
> It seems to me that the easiest thing to do is maintain that release of OpenSSL by themselves. >Which would be another variation of such unofficial work. You could look at things like that. I consider it to be more like "your free FIPS ride is done, time to pay up" >That

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-08 Thread Dr Paul Dale
I think it’s worth pointing out that OpenSSL is itself a non-profit and that FIPS validations cost a significant amount of money. Until about a year ago, there was also a notable absence of FIPS sponsors. Pauli

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-08 Thread Jakob Bohm via openssl-users
On 08/07/2019 10:12, Dr Paul Dale wrote: I have to disagree with the “decision not to make a FIPS module for the current 1.1.x series” comment.  Technically, this is true.  More practically, 3.0 is intended to be source compatible with 1.1.x.  Thus far, nothing should be broken in this

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-08 Thread Dr Paul Dale
I have to disagree with the “decision not to make a FIPS module for the current 1.1.x series” comment. Technically, this is true. More practically, 3.0 is intended to be source compatible with 1.1.x. Thus far, nothing should be broken in this respect. If support for 1.0.2 is required beyond

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-07 Thread Jakob Bohm via openssl-users
On 06/07/2019 16:30, Salz, Rich wrote: >> They would have to get their own validation, their own lab to verify, etc., etc. That seems to contradict the other answer, which is that legally, the FIPS cannister (properly built) can be used with any software outside the

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-06 Thread Salz, Rich via openssl-users
>> They would have to get their own validation, their own lab to verify, etc., etc. >That seems to contradict the other answer, which is that legally, the >FIPS cannister (properly built) can be used with any software outside >the cryptographic boundary, the soon-to-be-deprecated

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-06 Thread Jakob Bohm
On 04/07/2019 16:44, Salz, Rich wrote: Is the use of OpenSSL an actual legal requirement of the certification of the FIPS object module, or just the easiest way to use it? I'm not sure who you are asking this. The existing FIPS validations for OpenSSL only cover the 1.0.2 based

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-04 Thread Salz, Rich via openssl-users
>Is the use of OpenSSL an actual legal requirement of the certification of the FIPS object module, or just the easiest way to use it? I'm not sure who you are asking this. The existing FIPS validations for OpenSSL only cover the 1.0.2 based source code. >Difference would be

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-04 Thread Dr Paul Dale
> -Kyle H >> >> On Wed, Jul 3, 2019, 11:55 Dipak B > <mailto:deepak.red...@gmail.com>> wrote: >> >>Dear Experts, >> >>Can you please help me with the following question? >> >>My win32 desktop application uses 'libcurl' to inter

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-04 Thread Jakob Bohm via openssl-users
'libcurl' to interact with web service, in order to get my application FIPS 140-2 certified, following is the plan which I arrived at after going through the 'User Guide' and 'Security Policy' pdfs. Plan: a. After verifying HMAC-SHA1 of openssl-fips-2.0.16.tar.gz, build it to

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-03 Thread open...@foocrypt.net
Deepak Just take note of the FIPS 140-2 sunset, and rise of FIPS 140-3 140-3 Takes Effect: 9/22/19 140-3 New Testing Begins: 9/22/20 140-2 Sunset: 9/21/21 140-3 Mandated: 9/22/21 And best of luck ;) https://www.federalregister.gov/documents/2019/05/01/2019-08817/announcing-issuance-of-federal

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-03 Thread Kyle Hamilton
On Wed, Jul 3, 2019, 11:55 Dipak B wrote: > Dear Experts, > > Can you please help me with the following question? > > My win32 desktop application uses 'libcurl' to interact with web service, > in order to get my application FIPS 140-2 certified, following is the plan > which I a

Re: Will my application be FIPS 140-2 Certified under following conditions?

2019-07-03 Thread Kyle Hamilton
Step a. needs to verify the digest with an existing FIPS 140-2 validated cryptography implementation. Otherwise, to my understanding, this is the correct sequence of events. Do note that after building the fipscanister.lib, you will want to digest it and print it on a certification letter

Re: Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?

2019-07-03 Thread Eric Jacksch
Unless your product (application) is listed on the certificate, it is not FIPS 140-2 certified. Similarly, if you build your own car and drop in an OEM Ford engine, your car does not become a Ford. On Wed, 3 Jul 2019 at 13:35, Dipak B wrote: > > Hi, > > Thank you for the quick an

Re: Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?

2019-07-03 Thread Eric Jacksch
No, strictly speaking, you cannot. Just because you use a FIPS 140-2 certified cryptographic module doesn't mean that your application is FIPS 140-2 certified. It means that your application includes (or uses) a FIPS 140-2 certified cryptographic module. Or, as it is sometimes called, "FIPS I

Re: Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?

2019-07-03 Thread Dipak B
Hi, Thank you for the quick answer. Both questions have a subtle difference. My apologies, they appear almost the same. So, to clear my doubts, following is my understanding a) An application is FIPS 140-2 certified if and only if it links directly to 'fipscanister.lib'. b) Application which links

Re: Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?

2019-07-03 Thread Salz, Rich via openssl-users
Didn’t you just ask this question? :) If you followed the Win32 build instructions *exactly* and you build your application to turn on FIPS mode and link against the canister, then yes. If you made changes to the process, then no.

Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?

2019-07-03 Thread Dipak B
Dear Experts, Can you please help with the following questions? All inputs are appreciated. a) Can we call a Win32 application built with FIPS Capable OpenSSL as FIPS 140-2 Certified in strict sense? where FIPS Capable OpenSSL is OpenSSL built using the FOM (fipscanister.lib) I am seeking

Will my application be FIPS 140-2 Certified under following conditions?

2019-07-03 Thread Dipak B
Dear Experts, Can you please help me with the following question? My win32 desktop application uses 'libcurl' to interact with web service, in order to get my application FIPS 140-2 certified, following is the plan which I arrived at after going through the 'User Guide' and 'Security Policy

Re: [openssl-users] FIPS 140-2 certification

2018-06-20 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Oleg Paikin > Sent: Wednesday, June 20, 2018 01:01 > We would like to add to our product OpenSSL with FIPS 140-2 module. The > problem is that our OS and CPUs > are not FIPS certified. We use vx

[openssl-users] FIPS 140-2 certification

2018-06-20 Thread Mark Minnoch
Oleg wrote: > We would like to add to our product OpenSSL with FIPS 140-2 module. The problem is that our OS > and CPUs are not FIPS certified. We use vxWorks 5.5.1 with 3 types of CPUs in different products. > > How can we get certification for these environments? OSF answered that th

[openssl-users] FIPS 140-2 certification

2018-06-20 Thread Oleg Paikin
Hi We would like to add to our product OpenSSL with FIPS 140-2 module. The problem is that our OS and CPUs are not FIPS certified. We use vxWorks 5.5.1 with 3 types of CPUs in different products. How can we get certification for these environments? OSF answered that they do not do FIPS

Re: [openssl-users] FIPS 140-2 key wrapping transition

2018-03-02 Thread Mark Minnoch
The OpenSSL FOM Cert. #1747 will not be moved to the CMVP Historical List since it does not implement a non-compliant AES key wrapping service in the defined cryptographic boundary. All of the FIPS modules that implement a non-compliant AES key wrapping service have already been moved to the

Re: [openssl-users] FIPS 140-2 key wrapping transition

2018-03-01 Thread Zeke Evans
surrounding this. Thanks for your help! Zeke Evans Senior Software Engineer Micro Focus From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich via openssl-users Sent: Friday, February 02, 2018 5:26 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] FIPS 140

Re: [openssl-users] Low level AES alternative in FIPS-140 OpenSSL

2018-02-05 Thread Matt Caswell
On 03/02/18 08:13, Alex Dankow via openssl-users wrote: > Greetings! > > You probably know that low level AES function AES_set_encrypt_key is > disabled in FIPS 140-2 module. Instead it is offered to use EVP_ > set of functions. > > We develop transparent database encr

Re: [openssl-users] Low level AES alternative in FIPS-140 OpenSSL

2018-02-03 Thread Salz, Rich via openssl-users
➢ Question: Is there a way to set IV for CTX after its initialization for FIPS version of OpenSSL? No, sorry.

[openssl-users] Low level AES alternative in FIPS-140 OpenSSL

2018-02-03 Thread Alex Dankow via openssl-users
Greetings! You probably know that low level AES function AES_set_encrypt_key is disabled in FIPS 140-2 module. Instead it is offered to use EVP_ set of functions. We develop transparent database encryption for SQL Server and performance is very important issue. AES CTR requires very frequent

Re: [openssl-users] FIPS 140-2 key wrapping transition

2018-02-02 Thread Salz, Rich via openssl-users
The OpenSSL FIPS Validation #1747 is affected by the key wrapping transition and will therefore be moved to Historical at some point. As we’ve said, FIPS will be the focus of our next feature release after 1.1.1 (TLS 1.3).

[openssl-users] FIPS 140-2 key wrapping transition

2018-02-02 Thread Zeke Evans
Hi, NIST recently gave notice of Symmetric Key Wrapping Transition, details are found here https://csrc.nist.gov/projects/cryptographic-module-validation-program/notices. It is not clear to me whether the FIPS 2.0 module is affected by this. I am mostly curious about this part: All

[openssl-users] EVP_aes_256_wrap() in FIPS-140 mode?

2016-10-28 Thread Surendar Chandra
I cannot seem to use EVP_aes_256_wrap() in FIPS mode. I saw some earlier discussions on using low level APIs; but I am using the EVP method. Is it supported? I am using 1.0.2h/2.0.12. Thanks much -S

Re: [openssl-users] OpenSSL - FIPS 140 Compliant

2016-08-17 Thread Porter, Andrew
: Wednesday, August 17, 2016 06:11 To: openssl-users@openssl.org Subject: [openssl-users] OpenSSL - FIPS 140 Compliant Hello OpenSSL, Which version of OpenSSL is FIPS 140 compliant? Thanks, Vikram K

Re: [openssl-users] OpenSSL - FIPS 140 Compliant

2016-08-17 Thread Steve Marquess
On 08/17/2016 09:10 AM, Vikram Kamaraj - ERS, HCL Tech wrote: > Hello OpenSSL, > > > > Which version of OpenSSL is FIPS 140 compliant? None. A more useful question to ask is "for which versions of OpenSSL are compatible FIPS modules available?". The answ

[openssl-users] OpenSSL - FIPS 140 Compliant

2016-08-17 Thread Vikram Kamaraj - ERS, HCL Tech
Hello OpenSSL, Which version of OpenSSL is FIPS 140 compliant? Thanks, Vikram K

Re: [openssl-users] Question about OpenSSL and FIPS 140-2 module

2016-08-04 Thread Jakob Bohm
On 04/08/2016 17:53, Thomas Francis, Jr. wrote: ... I really should point out three things, though: 1) FIPS 140 compliance (from any software package) is always less secure than non-FIPS 140 compliant packages. By its nature, the validation process places software several months to years

Re: [openssl-users] Question about OpenSSL and FIPS 140-2 module

2016-08-04 Thread Thomas Francis, Jr.
> On Aug 4, 2016, at 11:00 AM, o haya <oh...@yahoo.com> wrote: > > Hi, > > I've been tasked to look into FIPS 140-2 "compliance" for our systems, > overall, and I know that there's a "FIPS 140-2 module" for OpenSSL, that > needs to be bui

Re: [openssl-users] Question about OpenSSL and FIPS 140-2 module

2016-08-04 Thread Steve Marquess
On 08/04/2016 11:00 AM, o haya wrote: > Hi, > > I've been tasked to look into FIPS 140-2 "compliance" for our > systems, overall, and I know that there's a "FIPS 140-2 module" for > OpenSSL, that needs to be built from source and then integrated into > Ope

[openssl-users] Question about OpenSSL and FIPS 140-2 module

2016-08-04 Thread o haya
Hi, I've been tasked to look into FIPS 140-2 "compliance" for our systems, overall, and I know that there's a "FIPS 140-2 module" for OpenSSL, that needs to be built from source and then integrated into OpenSSL by building OpenSSL with the FIPS module. The User

[openssl-users] Attack of the FIPS 140-2 Clones

2016-05-10 Thread Steve Marquess
If you neither know nor care what FIPS 140-2 is, count yourself lucky and move on (even if you're a Star Wars fan; this isn't nearly as entertaining). The "Alternative Scenario 1A/1B" aka "clone" aka "rebrand" validations have been an endless source of confusion, eve

[openssl-users] FIPS 140-2 web site error

2016-04-11 Thread Steve Marquess
If you neither know nor care what FIPS 140-2 is, this is your lucky day. Avert your eyes and move on, nothing to see here. The entry for the ancestral OpenSSL FIPS Object Module v2.0 validation, #1747, on the NIST CMVP web site appears to be the victim of some sort of clerical error: http

[openssl-users] FIPS 140-2 red letter puzzle resolved

2016-02-26 Thread Steve Marquess
As always, if you don't know or care what FIPS 140-2 is then rejoice at your good fortune and move on. The "red letter" message for the #1747 validation listing noted in my E-mail last Monday was confirmed as an error by the CMVP and has now been removed from the web site entr

[openssl-users] FIPS 140-2 red letter puzzle

2016-02-22 Thread Steve Marquess
As always, if you don't know or care what FIPS 140-2 is then rejoice at your good fortune and move on. I'm getting queries about "red letter" text in the listing of the #1747 validation on the NIST CMVP web site: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747

[openssl-users] FIPS 140-2 X9.31 RNG transition finally complete

2016-02-10 Thread Steve Marquess
Some good news for a change, but if you neither know nor care what FIPS 120-2 is you're not missing anything. The final "X9.31 RNG transition" change letter update for the third validation (#2398) of the OpenSSL FIPS Object Module v2.0 trilogy (#1747/#2398/#2747) was approved yesterday. This

[openssl-users] FIPS 140-2 X9.31 RNG transition ... still in transition

2016-02-08 Thread Steve Marquess
I'm getting private queries about the status of the OpenSSL FIPS Object Module v2.0 (the "OpenSSL FIPS module") which I'll answer here for everyone. As always, if you don't know or care what I'm talking about then run for high ground lest you trip and fall down the rabbit hole... The OpenSSL

[openssl-users] FIPS 140-2 X9.31 RNG transition partially done

2016-01-26 Thread Steve Marquess
If you don't know or care what FIPS 140-2 is then bail out now. Here be dragons. The CMVP has approved the mandated "X9.31 RNG transition"[1] update for two-thirds of the OpenSSL FIPS Object Module v2.0. That "transition" consists of editorial changes to the Security Policy

[openssl-users] FIPS 140-2 X9.31 RNG transition submitted

2015-12-28 Thread Steve Marquess
If you're not aware of or anxious about the "X9.31 RNG transition", rejoice. You live in a saner world than those of us who do have to worry about it. The test lab has informed me that the formal "change letter" submission to address the "X9.31 RNG transition" for the OpenSSL FIPS Object Module

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-22 Thread Steve Marquess
On 12/22/2015 09:32 AM, Imran Ali wrote: > Thanks Steve, > > I was more concerned on the news that openssl may not be FIPS > compliant because of: > > 'sunsetting' older FIPS validations and the reasoning behind the > change has to do with the Random Number Generators (RNG). As of > December

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-22 Thread Steve Marquess
On 12/14/2015 08:23 AM, Steve Marquess wrote: > On 12/02/2015 11:16 AM, Steve Marquess wrote: >> If you don't know or care what FIPS 140-2 is, be very glad this isn't >> your problem and turn your charitable attentions to some worthy cause. >> >> The CMVP

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-22 Thread Steve Marquess
ple intertwined issues. I think the term "paper shuffle" in this context refers to the "X9.31 RNG transition" issue which is (hopefully) a one shot aberration, one pothole in the vast wasteland of FIPS 140-2 validations. That is (mostly) addressed, in that a benefactor has

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-22 Thread Imran Ali
] FIPS 140-2 X9.31 RNG transition expenses On 12/21/2015 09:32 PM, Salz, Rich wrote: > >> Just want to confirm on this item. Are we saying that to get openssl >> back to be FIPS compliance is just a paper shuffle. If so is there >> any expected eta on it as our team is

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-21 Thread Imran Ali
Hi Steve, Just want to confirm on this item. Are we saying that to get openssl back to be FIPS compliance is just a paper shuffle. If so is there any expected eta on it as our team is using openssl version for a security project and we need a fips compliance library. Regards, Imran

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-21 Thread Salz, Rich
> Just want to confirm on this item. Are we saying that to get openssl back to > be FIPS compliance is just a paper shuffle. If so is there any expected eta > on it as our team is using openssl version for a security project and we need > a fips compliance library. No. We have answered this

[openssl-users] FIPS 140-2 library

2015-12-19 Thread Marcos Bontempo
Hello, I'm using the OpenSSL FIPS object module and I have to program a C code that sets FIPS 140-2 level 3. Is there a function in the C library that sets it? How can I set the FIPS protected directory, so I can store my private key? Any tip will be very helpful, Thanks

Re: [openssl-users] FIPS 140-2 library

2015-12-19 Thread Steve Marquess
On 12/19/2015 07:20 AM, Marcos Bontempo wrote: > Hello, > > I'm using the OpenSSL FIPS object module and I have to program a C code > that sets FIPS 140-2 level 3. Is there a function in the C library that > sets it? How can I set the FIPS protected directory, so I can store m

Re: [openssl-users] FIPS 140-2 library

2015-12-19 Thread Marcos Bontempo
Subject: Re: [openssl-users] FIPS 140-2 library > > On 12/19/2015 07:20 AM, Marcos Bontempo wrote: > > Hello, > > > > I'm using the OpenSSL FIPS object module and I have to program a C code > > that sets FIPS 140-2 level 3. Is there a function in the C library that >

Re: [openssl-users] FIPS 140-2 library

2015-12-19 Thread Steve Marquess
On 12/19/2015 08:19 AM, Marcos Bontempo wrote: > Thanks for the quick answer! And about specifying a FIPS protected > directory, is there a function in the C library? I need to save my > private key in a FIPS protected directory. I have no idea what the term "FIPS protected directory" means.

Re: [openssl-users] FIPS 140-2 library

2015-12-19 Thread Marcos Bontempo
I want to exclude the private key if there is an attempt to violation. Has FIPS this functionality? > To: openssl-users@openssl.org > From: marqu...@openssl.com > Date: Sat, 19 Dec 2015 08:22:47 -0500 > Subject: Re: [openssl-users] FIPS 140-2 library > > On 12/19/2015 08:19 A

Re: [openssl-users] FIPS 140-2 library

2015-12-19 Thread Steve Marquess
On 12/19/2015 08:28 AM, Marcos Bontempo wrote: > I want to exclude the private key if there is an attempt to violation. > Has FIPS this functionality? I think you have some misconceptions about what FIPS 140-2 is and isn't. It is "magical pixie dust", not a technique or so

Re: [openssl-users] FIPS 140-2 library

2015-12-19 Thread Marcos Bontempo
Thanks for the help! I really have misconceptions about FIPS 140-2. I was instructed to compile and install this module: http://openssl.com/fips/. But I cannot understand how can I use it. Can you explain its functionalities? Sorry for the dummie questions. > To: openssl-users@openssl.

Re: [openssl-users] FIPS 140-2 library

2015-12-19 Thread Matt Caswell
On 19/12/15 14:23, Marcos Bontempo wrote: > Thanks for the help! I really have misconceptions about FIPS 140-2. I > was instructed to compile and install this module: > http://openssl.com/fips/. But I cannot understand how can I use it. Can > you explain its functionalities? Sorry fo

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-14 Thread Steve Marquess
On 12/02/2015 11:16 AM, Steve Marquess wrote: > If you don't know or care what FIPS 140-2 is, be very glad this isn't > your problem and turn your charitable attentions to some worthy cause. > > The CMVP has introduced a new policy that will result in the effective > termination

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-03 Thread R C Delgado
Thank you Steve, This is very useful information. >>I'm getting private queries about this (why is there is such reluctance to discuss the delights of FIPS 140-2 in public?). I've noticed technical questions related to private FIPS certifications never get answered, at

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-03 Thread Steve Marquess
On 12/03/2015 10:41 AM, R C Delgado wrote: > ... > > BTW, I had guessed why FIPS certification questions don't get answered: > it's all about funding, but thank you for explaining it in your email. >>>... FIPS validation business; it has gone > from economically marginal to unsustainable and as a

[openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-02 Thread Steve Marquess
If you don't know or care what FIPS 140-2 is, be very glad this isn't your problem and turn your charitable attentions to some worthy cause. The CMVP has introduced a new policy that will result in the effective termination of many extant validations if they are not updated by January 31 2016[1

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-02 Thread Steve Marquess
On 12/02/2015 11:16 AM, Steve Marquess wrote: > If you don't know or care what FIPS 140-2 is, be very glad this isn't > your > problem and turn your charitable attentions to some worthy > cause. > > The CMVP has introduced a new policy that will result in the > effectiv

[openssl-users] FIPS 140-2, a game of chance

2015-11-13 Thread Steve Marquess
If you don't know or care what FIPS 140-2 is, trash this message quickly before it harshes your mellow. The "RE" validation, an "Alternative Scenario 1A" clone of the #1747 validation, was approved today (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2473

[openssl-users] CTR_DRBG with or without a derivation function (re: FIPS 140-2)

2015-08-21 Thread Steve Pate
RAND_bytes as described earlier. Note that the call to FIPS_mode_set must succeed in order to operate in FIPS 140 mode. But if I look at the OpenSSL/FIPS security policy it lists: CTR DRBG (AES), no derivation function as being approved but there is no mention of whether CTR DRBG (AES

[openssl-users] FIPS 140-2 casualty list (continued)

2015-08-11 Thread Steve Marquess
If you don't know or care what FIPS 140-2 is then heave a big sigh of relief and move on. Over a month ago[1] I noted that the four typographical errors from the CMVP execution of the hostage platforms[2] had still not been corrected. Ten weeks have now passed, and not only are those typos still

[openssl-users] FIPS 140-2 casualty list -- Ubuntu 10.4 still MIA

2015-07-08 Thread Steve Marquess
If you don't know or care what FIPS 140-2 is then dance a little jig of joy and move on. The hostage issue has resulted in the forced removal[*] of a number of platforms from the #1747 validation. That removal was done by editing the Big Blob o' Text in the rightmost cell of the entry

Re: [openssl-users] New FIPS 140-2 SE Validation Approved

2015-06-30 Thread Steve Marquess
(Operational Environments) listed for that validation, unless you are able to leverage the user affirmation option per section G.5 of the Implementation Guidance document (one of the canons of FIPS 140-2 scripture). And, is there any money-saving advantage at using an already validated OpenSSL when

Re: [openssl-users] New FIPS 140-2 SE Validation Approved

2015-06-30 Thread jonetsu
unit (embedded device) will be going for validation? E.g. will it save lab time if they know that the OpenSSL used is already validated? Regards.

Re: [openssl-users] Call for FIPS 140-2 stakeholders

2015-06-26 Thread Tom Francis
position, since I can just read your updates, and accept them without knowing all the reasons behind it. :) I'm ok either way. TOM -- Preserve wildlife -- pickle a squirrel! On Jun 22, 2015, at 11:27 AM, Steve Marquess marqu...@openssl.com wrote: If you don't know or care about FIPS 140-2

[openssl-users] New FIPS 140-2 SE Validation Approved

2015-06-26 Thread Steve Marquess
If you don't know or care what FIPS 140-2 is, a hysterical giggle of pure delight and whoop of relief before moving on is fully justified. The SE (Salvage Edition) validation has been approved: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398 This actually appeared

[openssl-users] Call for FIPS 140-2 stakeholders

2015-06-22 Thread Steve Marquess
If you don't know or care about FIPS 140-2 then count yourself very lucky and move on. In the same spirit of collaboration that underlies all of the open source based OpenSSL FIPS Object Module validations, of which the #1747 validation is the latest, some of the stakeholders impacted

Re: [openssl-users] Provisional FIPS 140-2 casualty list

2015-06-22 Thread Jeffrey Walton
at 11:17 AM, Steve Marquess marqu...@openssl.com wrote: If you don't know or care what FIPS 140-2 is then count yourself very lucky and move on. I've created a new web page to summarize the current status of the long-running hostage saga: http://openssl.com/fips/aftermath.html If you use

Re: [openssl-users] Provisional FIPS 140-2 casualty list

2015-06-22 Thread Steve Marquess
On 06/22/2015 02:36 AM, Jeffrey Walton wrote: Hi Steve, Forgive my ignorance From the previous postings, I *thought* that the validation only applies to real iron, and [retroactively] was not conferred to the VMs. But it seems like this list includes real hardware, too: 12

[openssl-users] Provisional FIPS 140-2 casualty list

2015-06-18 Thread Steve Marquess
If you don't know or care what FIPS 140-2 is then count yourself very lucky and move on. I've created a new web page to summarize the current status of the long-running hostage saga: http://openssl.com/fips/aftermath.html If you use the OpenSSL FIPS Object Module 2.0 (validation #1747), you

[openssl-users] FIPS 140-2 hostages executed

2015-06-16 Thread Steve Marquess
If you don't know or care what FIPS 140-2 is then count yourself very lucky and move on. There is a new development in the long running saga of the hostage issue[*]; the hostages have been executed: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747 Cross-referencing

Re: [openssl-users] FIPS 140-2 on iOS

2015-04-29 Thread Sec_Aficionado
was building an app with FIPS 140-2 compliant communications. Note there really is no such thing as FIPS 140-2 compliant (though you see that term bandied around a lot and I'm guilty of doing so myself). The term of interest is FIPS 140-2 validated (n.b.: that's validated not certified). Now

Re: [openssl-users] FIPS 140-2 on iOS

2015-04-28 Thread Q Gct
n00b question here. I recently ran across a question on an iOS forum where someone was building an app with FIPS 140-2 compliant communications. Now, from reading here (mailing lists) about FIPS certification, it involves both the bits and the platform. So it would not be possible to create

Re: [openssl-users] FIPS 140-2 on iOS

2015-04-28 Thread Steve Marquess
On 04/28/2015 03:44 PM, Sec_Aficionado wrote: Hi there, Total n00b question here. I recently ran across a question on an iOS forum where someone was building an app with FIPS 140-2 compliant communications. Note there really is no such thing as FIPS 140-2 compliant (though you see

[openssl-users] FIPS 140-2 on iOS

2015-04-28 Thread Sec_Aficionado
Hi there, Total n00b question here. I recently ran across a question on an iOS forum where someone was building an app with FIPS 140-2 compliant communications. Now, from reading here (mailing lists) about FIPS certification, it involves both the bits and the platform. So it would

Re: [openssl-users] SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?

2015-03-22 Thread Steve Marquess
On 03/21/2015 02:48 PM, xxiao8 wrote: At the moment OpenSSL FIPS validation supports ANSI X9.31 with AES128 for RNG, however it will be outdated in 2015. Another alternative RNG in OpenSSL FIPS is SP800-90 DRBG, however the new requirement is to use DRBG per SP800-90A. Are the DRBGs in

[openssl-users] SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?

2015-03-21 Thread xxiao8
At the moment OpenSSL FIPS validation supports ANSI X9.31 with AES128 for RNG, however it will be outdated in 2015. Another alternative RNG in OpenSSL FIPS is SP800-90 DRBG, however the new requirement is to use DRBG per SP800-90A. Are the DRBGs in SP800-90/OpenSSL-FIPS-2.0.9 the same as

[openssl-users] FIPS 140-2 hostage rescue underway

2015-03-18 Thread Steve Marquess
As always, if you don't know or care what FIPS 140-2 is then count yourself lucky and move on (in this case, count yourself *very* lucky). We have -- we think -- a workaround for the hostage issue that was blocking the addition of new platforms to the OpenSSL FIPS module validation via change

RE: OpenSSL FIPS 140-2 Compliant

2014-08-01 Thread pbarton
Anyone had a chance to look at this? I would really appreciate any help someone offers. Thanks, -- Peter Barton NetProtec Original Message Subject: OpenSSL FIPS 140-2 Compliant From: pbar...@netprotec.com Date: Sat, July 26, 2014 10:15 am To: openssl-users@openssl.org I am

Re: CVE 2014-0160 and FIPS 140-2 module

2014-04-10 Thread Scott Ruffner
From heartbleed.com: Does OpenSSL's FIPS mode mitigate this? No, OpenSSL Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable heartbeat functionality. == Scott Ruffner Computer Systems Senior

CVE 2014-0160 and FIPS 140-2 module

2014-04-09 Thread Chris Bare
Can anyone confirm my understanding that the FIPS 140-2 certified module is NOT affected by the CVE 2014-0160 vulnerability? -- Chris Bare

Re: CVE 2014-0160 and FIPS 140-2 module

2014-04-09 Thread ag@gmail
It is not. -ag -- sent via 100% recycled electrons from my mobile command center. On Apr 9, 2014, at 7:22 AM, Chris Bare chris.b...@gmail.com wrote: Can anyone confirm my understanding that the FIPS 140-2 certified module is NOT affected by the CVE 2014-0160 vulnerability? -- Chris

FIPS 140-2 questions

2014-03-26 Thread Jason Schultz
I’m trying to decipher FIPS 140-2 Certification in regards to OpenSSL FIPS module 2.0 and have some questions: 1. Can one claim FIPS validated if running on an Operating Environment not listed on Cert #1747? (I don’t think not having an OE direct match is necessarily required, as long

Re: FIPS 140-2 questions

2014-03-26 Thread Steve Marquess
On 03/26/2014 02:45 PM, Jason Schultz wrote: I’m trying to decipher FIPS 140-2 Certification in regards to OpenSSL FIPS module 2.0 and have some questions: 1. Can one claim FIPS validated if running on an Operating Environment not listed on Cert #1747? (I don’t think not having

OPENSSL FIPS 140-2

2014-03-16 Thread srikanth
Hi, We are working on making our application FIPS 140-2 Compliant. We use CentOS 6.4; is the OPENSSL bundled with CentOS 6.4 already FIPS Compliant? What do we need to do to make our application running on CentOS 6.4 FIPS Compliant? I see some posts which talk about

Re: OPENSSL FIPS 140-2

2014-03-16 Thread Jeffrey Walton
On Sun, Mar 16, 2014 at 5:49 AM, srikanth skanth2...@gmail.com wrote: Hi, We are working on making our application FIPS 140-2 Compliant. There's no such thing as FIPS Compliant. You use validated cryptography, or you don't use validated cryptography. If your marketing department calls your

Re: How to link openssl FIPS 140-2 object module with openssl binary

2013-01-15 Thread Nayna Jain
Hi Jeffrey, Thanks for clarification. I have one question in this. What did you mean by Suite B Algorithms ? Secondly, the ciphers which you mentioned are available in Standard openssl package, or for that we need to have FIPS 140-2 module linked ? Thanks Regards, Nayna Jain Nexus Tools
