On Tue, Nov 05, 2013, Vuille, Martin (Martin) wrote: > > Another approach I am considering is to have both a FIPS-capable and non-FIPS > capable version of OpenSSL installed on the system (with suitable adjustments > to > .so file names to avoid conflicts) with the application using the former when > FIPS > mode is required and the latter otherwise (perhaps by dynamically loading the > appropriate one, or by using a different LD_LIBRARY_PATH). > > Any thoughts on the viability of that approach? >
The FIPS capable version of OpenSSL outside FIPS mode should be compatible with the non-FIPS build of the same version of OpenSSL so there shouldn't be a need to do this. Any incompatibilities would be regarded as bugs which should be fixed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
