I've gone through the FIPS User Guide and have built OpenSSL 1.0.1c with the 
FIPS module 2.0.2.  From a practical perspective I'm trying to sort out in my 
mind the following:

- What is functionally different between the standard OpenSSL and OpenSSL 
compiled with FIPS and _not_ in FIPS mode (i.e. FIPS_mode_set(1) _not_ called)?
- Why isn't the FIPS module simply built right into OpenSSL and for those who 
don't want to run in FIPS mode they simply don't call FIPS_mode_set(1)?

Thanks,
LM


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to