This is true. However, since we now have a better idea of what the API is going to look like (is it going to change, anyone?), we can still build and test our applications against 1.0 and hopefully expect to be able to rebuild them and be able to validate regressions against 1.1.
Confusion may reign for the nonce as to when a permanently-validated module is going to become available... but if we know how to manage the mechanisms of compiling and linking with fipsld [is that going to stay the same?], then we can write our Makefiles and ant scripts with that syntax. I realize that this is a closed-development effort (as required)... but can anyone involved give us some kind of heads-up as to what will change, as soon as it's known? Please?

-Kyle H

On 6/23/06, Richard Salz <[EMAIL PROTECTED]> wrote:
> Thus, if
> you are selling to an entity that requires FIPS, all OpenSSL (and
> other encryption) libraries must be put into FIPS mode, or FIPS is not
> satisfied and thus the application is not FIPS compliant.

As of Wednesday, June 21, the FIPS certification for OpenSSL has been withdrawn; see http://csrc.nist.gov/cryptval/140-1/1401val2006.htm#642

The Open Source Software Institute has an update dated June 16 (http://www.oss-institute.org/index.php?option=content&task=blogcategory&id=62&Itemid=99) that says the "FIPS 1.0" is being withdrawn by request (of NIST), and that "FIPS 1.1" is available. Unfortunately, this is incorrect as both ftp://ftp.openssl.org/source/ and http://www.openssl.org/source/ list the 1.0 version and not the 1.1 version. I don't know what the plans are for the OpenSSL team, but as things stand right now there is *no* FIPS version available.

/r$

--
SOA Appliances Application Integration Middleware

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]