Hi,
Now that OpenSSL is FIPS certified, is there any plan to have a
FIPS-compliant version of OpenVPN?
My understanding is that there are two steps here:
1. Forcing OpenVPN to use FIPS crypto module from OpenSSL.
2. Making sure non-FIPS-compliant algorithms are not used.
A while back, we tried OpenVPN 2.0 with OpenSSL FIPS 1.0 (2004), got
it to compile, but it failed at the random number generator ...
Mon May 1 22:26:44 2006 us=97732 TLS_ERROR: BIO read tls_read_plaintext error: error:24066067:random number generator:FIPS_RAND_BYTES:prng not rekeyed
I am a novice to OpenVPN internals, but I can imagine that step #2 might
be considerably harder.
I would like to know if there is any plan for FIPS and how hard it is.
Thanks in advance
- Nilij