On 11/18/2014 06:57 PM, Rob Jerdonek wrote: > I see on the NIST website that OpenSSL FIPS module v2.0.9 is in the process > of FIPS validation. > > Where can I download the latest v2.0.9 source code and the updated FIPS user > guide. > > I would like to test with this new version.
Sorry about the slow response; I've had a surplus of distractions this week. We do not release the OpenSSL FIPS module tarballs prior to formal approval by the CMVP (the bureaucracy responsible for those approvals) because the CMVP has in the past objected strenuously to such "premature" releases. The concept of open source is still a bit alien to the FIPS 140-2 world. As to when 2.0.9 will be available, that's difficult to predict because the CMVP does not give any estimates or ongoing status information for submissions. The formal paperwork for 2.0.9 was submitted by the test lab earlier this week. We've seen similar "change letter" approvals take as little as a few weeks (though that was years ago) and as long as six months. My best guest is perhaps three months (taking into account the slowdown over the upcoming holiday season), so I hope to see 2.0.9 out sometime in mid February. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
