Two new zips for Win32 and Win64 versions of OpenSSL 1.0.2n can now be downloadable from the Wiki at:
http://wiki.overbyte.eu/wiki/index.php/ICS_Download PLEASE NOTE the EU in the URL, not BE, this is a new wiki server. There is one moderate security fix relating to badly written applications that ignored SSL handshake errors and continuing to read and write, then without SSL. I don't believe this ever effected ICS, which mostly has good error handling. There is also a new alternate OpenSSL version available, 1.0.2m-fips (still one release behind) that is supported by ICS V8.51 (overnight zip and SVN). The Federal Information Processing Standard (FIPS) Publication 140-2, is a US government computer security standard used to approve cryptographic modules. OpenSSL provides optional fips support that can be compiled in, which includes an integrity self test (similar to Microsoft code signing) and which limits some cryptography. ICS V8.51 add support for OpenSSL 1.0.2m-fips, which needs a little extra code in the application to initialise fips mode and run the self test, see the OverbyteIcsHttpsTst and OverbyteIcsSslMultiWebServ SSL samples. Beware that getting an application certified by an accredited third party laboratory to FIPS 140-2 can take up to a year, and is very onerous and expensive. It will be necessary to prove the OpenSSL DLLs were built from certified source code, and ICS can not provide such proof. So essentially you need to acquire approved Windows DLLs elsewhere, and just use the ICS version for testing. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
