To clarify an important distinction - SafeLogic Extended Support for 1.0.2 architecture will not keep the OpenSSL FOM validated past 9/1/2020. SafeLogic does offer a compatible drop-in replacement module that is validated, will remain validated past the 186-2 deprecation on 9/1/2020, and is available with RapidCert, an accelerated validation in your company’s name, but that is a separate offering.
- Walt Walter Paley w...@safelogic.com > On Feb 27, 2020, at 12:59 PM, openssl-users-requ...@openssl.org wrote: > > Send openssl-users mailing list submissions to > openssl-users@openssl.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mta.openssl.org/mailman/listinfo/openssl-users > or, via email, send a message with subject or body 'help' to > openssl-users-requ...@openssl.org > > You can reach the person managing the list at > openssl-users-ow...@openssl.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of openssl-users digest..." > > > Today's Topics: > > 1. Re: OpenSSL 3.0 (Salz, Rich) > 2. Re: OpenSSL 3.0 (Neptune) > 3. Re: OpenSSL 3.0 (Salz, Rich) > 4. Re: OpenSSL 3.0 (Jason Schultz) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 27 Feb 2020 20:49:33 +0000 > From: "Salz, Rich" <rs...@akamai.com> > To: Jason Schultz <jetso...@hotmail.com>, "openssl-users@openssl.org" > <openssl-users@openssl.org> > Subject: Re: OpenSSL 3.0 > Message-ID: <1e825139-40c4-4888-ab96-32fc423f0...@akamai.com> > Content-Type: text/plain; charset="utf-8" > > * The OpenSSL FIPS Object Module will be moved to the CMVP historical list > as of 9/1/2020. Since there is no OpenSSL 3.0 until Q4 2020, and a FIPS > Module will be after that sometime, where does this leave 1.0.2 users who > need a FIPS validated object module past that date? > > Without their free lunch? > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mta.openssl.org/pipermail/openssl-users/attachments/20200227/6e69ca80/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Thu, 27 Feb 2020 13:56:10 -0700 (MST) > From: Neptune <pdrot...@us.ibm.com> > To: openssl-users@openssl.org > Subject: Re: OpenSSL 3.0 > Message-ID: <1582836970178-0.p...@n7.nabble.com> > Content-Type: text/plain; charset=us-ascii > > You essentially have three choices: > 1. Stay on the 1.0.2 branch to continue FIPS compliance, but go the entire > year without support or security patches. > 2. Pay OpenSSL for a premium support contract ($50,000 per year) to continue > to receive patches on 1.0.2 for the remainder of the year. > 3. Pay SafeLogic for support contract to receive 1.0.2 security patches > through the year. Cost is roughly half what OpenSSL is asking, but you may > be able to negotiate. > > These are the only options of which I am aware. > > > > > -- > Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html > > > ------------------------------ > > Message: 3 > Date: Thu, 27 Feb 2020 20:58:10 +0000 > From: "Salz, Rich" <rs...@akamai.com> > To: Jason Schultz <jetso...@hotmail.com>, "openssl-users@openssl.org" > <openssl-users@openssl.org> > Subject: Re: OpenSSL 3.0 > Message-ID: <3cfef9fc-d5e7-46d4-8d61-c485bf81e...@akamai.com> > Content-Type: text/plain; charset="utf-8" > > * That's fair. So the only option is to use another module? Extended 1.0.2 > support does not resolve this either, correct? > > I do not think that is the only option. For example, you might be able to > use 3.0 and say it?s ?in evaluation.? There might be other options, that was > all I could think of while composing this email. > > HOWEVER, note that the set of validated platforms for 3.0 is very different > from the current FOM. Someone officially with the project will have to > provide details on that, not me. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mta.openssl.org/pipermail/openssl-users/attachments/20200227/985830ee/attachment-0001.html> > > ------------------------------ > > Message: 4 > Date: Thu, 27 Feb 2020 20:58:36 +0000 > From: Jason Schultz <jetso...@hotmail.com> > To: "openssl-users@openssl.org" <openssl-users@openssl.org> > Subject: Re: OpenSSL 3.0 > Message-ID: > > <ch2pr10mb42144fe2fcde9ac37e050dddc7...@ch2pr10mb4214.namprd10.prod.outlook.com> > > Content-Type: text/plain; charset="iso-8859-1" > > For option 2, we have a support contract in place. But does this actually > help us as far as the FIPS Object Module? > > > ________________________________ > From: openssl-users <openssl-users-boun...@openssl.org> on behalf of Neptune > <pdrot...@us.ibm.com> > Sent: Thursday, February 27, 2020 8:56 PM > To: openssl-users@openssl.org <openssl-users@openssl.org> > Subject: Re: OpenSSL 3.0 > > You essentially have three choices: > 1. Stay on the 1.0.2 branch to continue FIPS compliance, but go the entire > year without support or security patches. > 2. Pay OpenSSL for a premium support contract ($50,000 per year) to continue > to receive patches on 1.0.2 for the remainder of the year. > 3. Pay SafeLogic for support contract to receive 1.0.2 security patches > through the year. Cost is roughly half what OpenSSL is asking, but you may > be able to negotiate. > > These are the only options of which I am aware. > > > > > -- > Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mta.openssl.org/pipermail/openssl-users/attachments/20200227/ea0d384b/attachment.html> > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > openssl-users mailing list > openssl-users@openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-users > > > ------------------------------ > > End of openssl-users Digest, Vol 63, Issue 44 > *********************************************
