I believe (as this question has been asked before) that FIPS-140 is also machine/OS specific and would have to performed for every new version. The fact is, FIPS-140 compliance as it stands now makes little sense for openssl. It is really proving to be a challenege for a company i know developing a Java based product.
Jeff On Fri, 11 Jan 2002, Erwann ABALEA wrote: > On Thu, 10 Jan 2002, Carlos mario Ospina Anzola wrote: > > > Anybody knows if openssl is FIPS 140-2 compliant? > > > > I want to use it at work, but the law request a cryptographic module that > > should be FIPS 140-2 compliant. > > OpenSSL is free software in development, and to obtain a FIPS validation, > someone has to pay a lot of $$. > > So no, OpenSSL is not FIPS xxx-yyy compliant, whatever xxx and yyy are. > > You can pay to let OpenSSL go through the process of FIPS validation, if > you want... > > -- > Erwann ABALEA > [EMAIL PROTECTED] > RSA PGP Key ID: 0x2D0EABD5 > ----- > ``The value of a technical conversation is inversely proportional > to how well the participants are dressed.'' > Larry McVoy > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
