On Wed, Aug 20, 2014, Lewis Lo wrote: > > I have a question on whether the following OpenSSL vulnerabilities > described in CVE-2014-5139 affects the OpenSSL 1.0.1e-fips The affected > platforms does not indicate if it affect the fips version. Thanks. >
OpenSSL 1.0.1e-fips is not a separate version of OpenSSL it is 1.0.1e compiled with the "fips" option to make it FIPS capable. So the same vulnerabilities apply. The vulnerabilities themselves however are *not* in the validated module so you can use the existing module and compile the latest version of OpenSSL with the "fips" option. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
