On Thu, Mar 13, 2008 at 12:29:47PM +1100, Damien Miller wrote:
> On Wed, 12 Mar 2008, Ed Ahlsen-Girard wrote:
>
> > Does OpenBSD's OpenSSL use the FIPS 140-2 certified bits where
> > applicable?
>
> No. Furthermore, there are no "FIPS 140-2 certified bits" - it is an
> entire package that is certified, you don't get to pick and choose.

However, if you can find a FIPS 140-2 certified cryptographic
accelerator that OpenSSL will use (and most of those supported by
OpenBSD will fall into this category), OpenSSH will be using it as
well, and you can then presumably put FIPS 140-2* on your product
materials or audit questionnaire or what have you.

-Ryan

* With some fine print disclaimer to ensure that nobody accuses you of
claiming FIPS compliance for the whole system, of course.