Blasdel, Jerry wrote:
Would anyone have an update on the status of 0.9.8j and when it will
be officially released? Our customer would like us to go back to
using fips now that fips 1.2 has been certified. Is this version of
OpenSSL going through a similar certification process? Any blurb that
could be provided on the status would be appreciated.
Thanks in advance,
JB
OpenSSL proper (as in OpenSSL 0.9.8j) has not, and doubtless never will
be, FIPS 140-2 validated. You're thinking of the "OpenSSL FIPS Object
Module" which is a separate and much smaller cryptographic library
designed for use *with* compatible OpenSSL distributions. The OpenSSL
FIPS Object Module v1.2 has already been validated (certificate #1051),
and is designed for use with recent versions of OpenSSL 0.9.8 of which
0.9.8j will be the first officially "FIPS compatible" version. However,
you can use recent 0.9.8 snapshots until the 0.9.8j release.
I'll defer to the OpenSSL team on the 0.9.8j release date; last I
checked that release is anticipated in the very near future.
-Steve M.
Open Source Software Institute
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
