> It seems to me that the easiest thing to do is maintain that release of
OpenSSL by themselves.
>Which would be another variation of such unofficial work.
You could look at things like that. I consider it to be more like "your free
FIPS ride is done, time to pay up"
>That p
I think it’s worth pointing out that OpenSSL is itself a non-profit and that
FIPS validations cost a significant amount of money.
Until about a year ago, there was also a notable absence of FIPS sponsors.
Pauli
--
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7
On 08/07/2019 10:12, Dr Paul Dale wrote:
I have to disagree with the “decision not to make a FIPS module for
the current 1.1.x series” comment. Technically, this is true. More
practically, 3.0 is intended to be source compatible with 1.1.x. Thus
far, nothing should be broken in this respect.
I have to disagree with the “decision not to make a FIPS module for the current
1.1.x series” comment. Technically, this is true. More practically, 3.0 is
intended to be source compatible with 1.1.x. Thus far, nothing should be
broken in this respect.
If support for 1.0.2 is required beyond
