Greetings,
Apologies if this has been covered before, but I couldn't find it in a search. I'm trying to deploy FIPS 140 validated crypto to a RHEL 5 box as part of a FISMA covered project. I think the relevant policy is http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1320.pdf which states "The version of the RPM containing the validated module is version 0.9.8e-22.el5_8.3." The rpm has moved on, and the version the support person wants to use is openssl-0.9.8e-26.el5_9.1|(none) . Is there a basis for asserting FIPS 140 validation with openssl-0.9.8e-26.el5_9.1|(none), or must the original RPM be used? advTHANKSance, --woody -- Dr. Robert "Woody" GBS Cybersecurity & Weaver Privacy IT Security Architect Cell: 301-524-8138 -- Shick's Law: There is no problem a good miracle can't solve.
