Re: OpenSSL 1.0.2 EOL

2019-11-27 Thread Matt Caswell
On 27/11/2019 11:07, shiva kumar wrote: > but still the update is going on in the GitHub repository for 102 > branch, is that mean there will be a release by end of this year? There are no commits against the 1.0.2 branch that would qualify for a CVE - they are all relatively minor commits.

Re: OpenSSL 1.0.2 EOL

2019-11-27 Thread shiva kumar
but still the update is going on in the GitHub repository for 102 branch, is that mean there will be a release by end of this year? On Tue, Nov 26, 2019 at 6:31 PM Matt Caswell wrote: > > > On 26/11/2019 11:38, shiva kumar wrote: > > Hi, > > As we know that OpenSSL 1.0.2 support will end in

Re: OpenSSL 1.0.2 EOL

2019-11-26 Thread Matt Caswell
On 26/11/2019 11:38, shiva kumar wrote: > Hi, > As we know that OpenSSL 1.0.2 support will end in 31st  December 2019. > and the latest version is 1.0.2t, is there will be any release by EOL? > can we expect a release before EOL? This is as yet undecided. We issue releases on an as-needed

OpenSSL 1.0.2 EOL

2019-11-26 Thread shiva kumar
Hi, As we know that OpenSSL 1.0.2 support will end in 31st December 2019. and the latest version is 1.0.2t, is there will be any release by EOL? can we expect a release before EOL? Regards Shivakumar

Re: OpenSSL 1.0.2 EOL and new FIPS-validated crypto module

2019-10-22 Thread Dr Paul Dale
The FIPS module source code can’t be changed without losing validation. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 22 Oct 2019, at 11:46 pm, Salman Baset wrote: > > Thank you very much. This is helpful. Will the

Re: OpenSSL 1.0.2 EOL and new FIPS-validated crypto module

2019-10-22 Thread Salman Baset
Thank you very much. This is helpful. Will the support also include any updates to the FIPS compatible part, or is that out of scope because any update essentially invalidates existing FIPS cert for potential use? On Mon, Oct 21, 2019 at 11:56 AM Dr Paul Dale wrote: > The EOL date for OpenSSL

Re: OpenSSL 1.0.2 EOL and new FIPS-validated crypto module

2019-10-21 Thread Dr Paul Dale
The EOL date for OpenSSL 1.0.2 will not be extended. It is possible to purchase premium level support which will provide 1.0.2 updates beyond its normal end of life. See: https://www.openssl.org/support/contracts.html#premium Pauli --

Re: OpenSSL 1.0.2 EOL and new FIPS-validated crypto module

2019-10-21 Thread Salz, Rich via openssl-users
* Lastly, is there any chance of extending the EOL date of OpenSSL 1.0.2 till the new FIPS module/OpenSSL 3.0 becomes available? This question gets asked a great deal. Why? The OpenSSL project has not done any 1.0.2-FIPS work for years. This means that if there are any CVE-level bugs in

OpenSSL 1.0.2 EOL and new FIPS-validated crypto module

2019-10-21 Thread Salman Baset
Hello everyone, I was wondering if there is any update on getting a new FIPS-validated module for OpenSSL by the end of this year (before EOL of 1.0.2), as was mentioned in this blog post: https://www.openssl.org/blog/blog/2018/09/25/fips/ According to this email, the new FIPS module is