RE: OpenSSL FIPs question

[OpenSSLGRT]

Hi --   The problem I have is that the PocketPC port I use (see below) is OpenSSL 0.9.8a (so from what you said below only 0.9.7j and 0.9.7 versions above j are FIPs validated). But … I know people have been using OpenSSL for getting their apps FIPs validated for longer than before 0.9.7 version so I wonder how that works – how did people use OpenSSL before OpenSSL was FIPs validated to get their apps validated? Thanks for any info!   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of OpenSSLGRT Sent: Saturday, February 04, 2006 4:13 PM To: openssl-users@openssl.org Subject: OpenSSL FIPs question   I am using Portable OpenSSL 0.9.8a for Windows CE 4.20e (http://karajan.it.uc3m.es/~pervasive/wce_lite_compat/) to force my PocketPC 2003 application to post data to our server using TLS and cipher suite 3DES, SHA1, RSA. Works great! The reason for this is to prepare for FIPs 140-2 (forcing TLS, etc required). Is the Portable OpenSSL 0.9.8a part of the idea of Open SSL being FIPs validated (so that is am I using the correct libs here)?   Thank you!