The Whore Lived Like a German

2005-05-15 Thread steve
Full Article: http://service.spiegel.de/cache/international/0,1518,344374,00.html __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Auto

Certificate Chaining

2000-10-11 Thread Steve
Hello All, I have a question regarding the use of certificates in IE 5+ and Netscape 4.7+. We have written a small customised SSL web server using OpenSSL, etc... This web server is only to be made available to employees of the customer company, using SSL to secure the link and a login mechanism

Re: compiling 0.9.6 with VC5

2000-10-17 Thread Steve
The line in question is an assembly instruction: rdtsc, which is a Pentium (or beyond...) only instruction. You have to set your compiler options accordingly. Having said this, that command causes havoc with BC v3.0 IDE (the command line compiler works OK with the appropriate flag) regardless of

Re: compiling 0.9.6 with VC5

2000-10-17 Thread Steve
- Original Message - From: "Ales Pour" <[EMAIL PROTECTED]> > Hmmm... so /G5 option (ntdll.mak) isn't enough? The /G5 option does not exist for BC++ Ver3.0. I think it should be -5 Stephen

Re: compiling 0.9.6 with VC5

2000-10-17 Thread Steve
Sorry, got a crossed line there. (This stuff is completely making me go bald. ) Grin, Stephen. - Original Message - From: "Ales Pour" <[EMAIL PROTECTED]> > No, :-) > I meant - /G5 option isn't enough for VC5 to deal with Pentium > instructions in inline assembler?

What do YOU use for your cert p/w?

1999-11-15 Thread steve
(Kidding, kidding.) But I suppose it's got to be memorable so your root can remember it when s/he's got to restart the webserver. And another question: When I use openssl to genrsa, is -rand /dev good enough? Th

Trust

2002-04-11 Thread Steve
that they want to trust my certificate)? Thanks Steve

Re: FIPS module determination

2010-12-26 Thread Steve Marquess
cted. BTW the term is "validated" not "certified". -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Re: FIPS module determination

2010-12-26 Thread Steve Marquess
you to obtain a written certification from the vendor for such procurements, specifically naming the validation certificate number(s). Good advice. -Steve M. -- Steve Marquess Open Source Software institute marqu...@oss-institute.org -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mo

Re: FIPS module determination

2010-12-27 Thread Steve Marquess
he conventional proprietary validations it comes down to a vendor assertion. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Re: FIPS and OpenSSL-1.0.0

2010-12-27 Thread Steve Marquess
n starting with the 1.0.0 baseline. Good luck with that, you have a long row to hoe. Incidentally, unless you're seeking a Level 2 validation for a non-CC certified environment you'll regret defining the crypto module boundary to include your entire application. -Steve M. -- Steve Marqu

Re: FIPS and OpenSSL-1.0.0

2011-01-11 Thread Steve Marquess
idation, but your Level 2 platform will require a separate validation. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Re: BN_mod_mul_montgomery() causing cpu spike

2011-03-02 Thread Steve Marquess
on low powered platforms (sometimes taking tens or even hundreds of seconds). We're going to make it significantly less painful for the upcoming new validation now in progress, but there will always be a performance hit relative to the same software without enabling FIPS mode. -Steve M

Re: BN_mod_mul_montgomery() causing cpu spike

2011-03-04 Thread Steve Marquess
prakgen wrote: Thanks Steve. This happened on a system with Intel dual core 2.4ghz processor and 2gig ram. Is the observed cpu pattern expected on such platforms? You mentioned it will be less painful after upcoming validation. Do you mean change in implementation for speedier self-tests

Re: BN_mod_mul_montgomery() causing cpu spike

2011-03-06 Thread Steve Marquess
one uses FIPS validated cryptography for fun (there is no technical, functional, or security advantage, in fact FIPS validated crypto is undesirable from any purely practical perspective). -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 US

Re: FIPS compliance question regarding openssl distributions

2011-03-08 Thread Steve Marquess
as a statement of compliance with the build process. Actually the one digest the CMVP cares about in this context is HMAC-SHA-1, with the HMAC key "etaonrishdlcupfm". -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877

Re: Having problems building fips openssl

2011-03-13 Thread Steve Marquess
that describes the necessary steps for building a validated module: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1051.pdf. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, M

Re: Windows CE and FIPS

2011-03-24 Thread Steve Marquess
ryan.sm...@gdc4s.com wrote: ... So no support is currently planned for Linux x86 (32-bit)? That seems like a gaping exclusion. Yes, it is. Among others... -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775

Best way to encode a LDAP human readable Distinguished Name string to DER format with openssl

2011-03-29 Thread Steve William
representing the Distinguished Name to DER format using openssl? Thanks, Steve.

Re: FIPS statically linked canister

2011-04-12 Thread Steve Marquess
cally by the "FIPS capable" OpenSSL distributions. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Re: openssl 1.0.1 and FIPS

2011-05-13 Thread Steve Marquess
> What is happening? > > No Fips in the Openssl 1.0.1 STABLe. > > Correct, and you won't be seeing the "FIPS capable" support there for some time. We're concentrating on the validation of the module (OpenSSL FIPS Object Module 2.0) now. -Steve M. -- Steve M

Re: FIPS: Zeroization function during Power on self tests

2011-05-25 Thread Steve Marquess
vance for any future validations. The "zeroization" demonstration in particular arose from a request long ago that seemed silly even at the time; the specifics are no longer relevant. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7

2011-05-25 Thread Steve Marquess
etter mod process is that results can usually be obtained in weeks instead of the many months needed for a new validation. My contact info is below if you want more info. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD

Call for testing - FIPS object module

2011-07-07 Thread Steve Marquess
at any time, but this special window of opportunity over the next few weeks will allow us to easily correct reported problems. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD

Re: Call for testing - FIPS object module

2011-07-09 Thread Steve Marquess
of effort went into designing the FIPS module to make that compatibility possible. Note as a happy consequence that an existing application that uses OpenSSL for all cryptography can usually be readily converted to use FIPS validated cryptography. -Steve M. -- Steve Marquess OpenSSL Software F

Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)

2011-07-15 Thread Steve Marquess
undation.com/testing/docs/NSA-PLA.pdf). Note that sublicense only covers some prime field ECC; for the rest of it "seek competent legal advice". Also note the license is nontransferable. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Re: Need information about FIPS 2.0 and OpenSSL 1.0.1

2011-08-18 Thread Steve Marquess
US$40K, not a bad price as validations go. > 3) In the OpenSSL validation effort, will Mac OS be one of the > tested platforms? Can you share list of platforms that will be > tested? The current list can be found at http://opensslfoundation.com/testing/validation-2.0/platforms/Platforms

Re: Does FIPS capable OpenSSL Shared Library affect its non-FIPS functionalities

2011-08-18 Thread Steve Marquess
ginning to have a single set of "FIPS capable" OpenSSL libraries suffice for a Linux distribution, with individual applications able to enable FIPS mode or not. There is also a global mechanism, OpenSSL_config()/openssl.cnf, that would permit specification of a default FIPS mode for a

Re: Using the FIPS Object Module

2011-08-19 Thread Steve Marquess
besides building the FIPS module in accordance with the Security Policy, such as making sure the FIPS capable libraries are used for *all* cryptographic operations, and enabling the FIPS mode with FIPS_mode_set(). An attempt was made to document the various aspects of this process in the

Re: Using the FIPS Object Module

2011-08-22 Thread Steve Marquess
. Note that for the cross-compiled platforms we have occasionally had to modify ./config and/or ./Configure, with those modifications carefully vetted by the test lab. If you can build your cross-compiled module with steps 1 and 2 only, with no mods as in step 3, then you could presumably claim the r

Re: How to link user application with FIPS-2

2011-09-12 Thread Steve Marquess
d for use via the standard API of a "FIPS capable" OpenSSL. As for building, see http://www.mail-archive.com/openssl-dev@openssl.org/msg29421.html. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Re: OpenSSL FIPS

2011-09-19 Thread Steve Marquess
uary 2012) your only no-cost option is to use the OpenSSL FIPS Object Module v1.2.3 with OpenSSL 0.9.8. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@o

Upcoming code freeze for the OpenSSL FIPS Object Module v2.0

2011-10-12 Thread Steve Marquess
penssl-fips-2.0-test-20111013.tar.gz and later) on their platforms of interest, and report any problems to us. Build and test instructions are given in the ./README.FIPS file. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +

OpenSSL FIPS Module 2.0 status update

2011-11-03 Thread Steve Marquess
s it is being tested are encouraged to reference the OpenSSL-fips-2_0-stable branch in the OpenSSL CVS repository. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@o

Re: OpenSSL FIPS Module 2.0 and OpenSSL 0.9.8x

2011-12-06 Thread Steve Marquess
On 12/05/2011 08:39 PM, Varma Dantuluri wrote: > Hi > > Can the new OpenSSL FIPS 2.0 module be used with OpenSSL 0.9.8 > releases? Or can it only be used with OpenSSL 1.0.1 and later? No, it can't -- it is designed for use with 1.0.1 and greater only. -Steve M. -- Steve

Re: OpenSSL FIPS Module 2.0 and OpenSSL 0.9.8x

2011-12-06 Thread Steve Marquess
On 12/06/2011 12:32 PM, Varma Dantuluri wrote: > Thanks Steve. > > Just curious as to why this cannot be done. Is it because of some > structure changes between 0.9.8 and 1.0.1? Correct, there are too many differences in the FIPS module API, between the 0.9.8 compatible 1.2.x module

OpenSSL FIPS Module 2.0 status update

2012-01-03 Thread Steve Marquess
/openssl-fips-2.0rc1.tar.gz Note some additional cosmetic changes will be made prior to the formal validation award. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu

Re: openssl FIPS and linux kernel crypto

2012-01-05 Thread Steve Marquess
As with the OpenSSL FIPS Object Module validations that will be a huge (for us) and expensive undertaking, though ultimately also of significant benefit. At present we've made no definite plans in this area. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Roa

Re: FIPS object module

2012-02-17 Thread Steve Marquess
source/openssl-fips-2.0rc3.tar.gz for source to the pending 2.0 module. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundati

Re: Final release of Openssl-1.0.1 and FIPS-2.0

2012-02-29 Thread Steve Marquess
response time has been many months (as long as 13 months from painful personal experience). But, based on feedback from multiple sources it appears that the CMVP backlog is at an all time low now of only a couple of months, which if true and not just wishful thinking will mean we should expect the

OpenSSL FIPS Module 2.0 status update

2012-03-06 Thread Steve Marquess
The OpenSSL FIPS Object Module 2.0 is now in "coordination" status at the CMVP. That's usually a good sign that the formal validation award is imminent (as in "a week or three..."). -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road

Re: OpenSSL FIPS Object Module v1.2

2012-03-08 Thread Steve Marquess
that of prior revisions, hence reference to those has been dropped. There is no reason to use any earlier revisions for any new product development or deployment, but deployed instances of earlier revisions remain valid. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Eph

Re: OpenSSL FIPS Object Module v1.2

2012-03-08 Thread Steve Marquess
On 03/08/2012 04:05 PM, Ashit Vora wrote: > Thanks Steve. This makes sense (i.e. newer versions subsuming older > versions). > > However given that 1.2 is no longer listed on the NIST website, that > version can no longer be considered FIPS validated. This is an issue for > depl

Re: OpenSSL FIPS Object Module v1.2

2012-03-08 Thread Steve Marquess
On 03/08/2012 05:12 PM, Steve Marquess wrote: > On 03/08/2012 04:05 PM, Ashit Vora wrote: >> Thanks Steve. This makes sense (i.e. newer versions subsuming older >> versions). >> >> However given that 1.2 is no longer listed on the NIST website, that >> version

Re: OpenSSL FIPS Object Module v1.2

2012-03-08 Thread Steve Marquess
"forget" anything, for any of the change letter mods (via multiple labs, incidentally). The updates were all carefully designed to be strictly cumulative, differing only in the addition of new OEs with newer revisions subsuming but not invalidating earlier ones. -Steve M. -- Steve Marqu

Re: OpenSSL FIPS Object Module v1.2

2012-03-09 Thread Steve Marquess
On 03/08/2012 08:49 PM, Ashit Vora wrote: > Steve, > > First let me clarify that it isn't my intent to challenge OpenSSL > validation. In fact the reason I started down this path is because I > have a product that uses v1.2 and needs to claim FIPS compliance. I > cannot

Re: OpenSSL FIPS Object Module v1.2

2012-03-09 Thread Steve Marquess
On 03/09/2012 11:18 AM, Ashit Vora wrote: > Steve, > > Please see response from Randy (CMVP Director) below. It clearly > indicates older versions (including v1.2) are no longer considered > validated since they are not listed on the website: Randy is the man, so I stand cor

OpenSSL FIPS Object Module status update

2012-03-14 Thread Steve Marquess
API. However, the formal validation of that module is still pending. We think we are very close -- perhaps within a few days -- but as always the timeline is difficult to predict with any certainty. The formal validation will be announced here as soon as it happens. -Steve M. -- Steve Marquess Op

Re: OpenSSL FIPS 2.0 Object Module platform questions

2012-04-02 Thread Steve Marquess
re will surely be some in the FIPS 140-2 community who disagree on one or more points. Important caveat #3: only the CMVP is in a position to make authoritative pronouncements of any kind about FIPS 140-2. In general they will respon

Re: OpenSSL FIPS 2.0 Object Module platform questions

2012-04-02 Thread Steve Marquess
tc. Corrections, comments, suggestions, etc. are welcome. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opens

Re: OpenSSL FIPS Module 2.0 status update

2012-04-04 Thread Steve Marquess
On 04/04/2012 07:17 PM, Alex Chen wrote: > Steve, > > Unfortunately it has been four weeks and the status is still stuck in > 'coordination'. Well, we all know the government pace is a 'little > slower' than the rest of the industry. There is a 'finalizat

SSL Handshake question

2009-06-02 Thread Steve Gallivan
ailing ), where most of the time it splits that out over several packets. The test "Client Hello" requests seem identical. Any insights would be much appreciated. Thanks, Steve

SSL Handshake question - SOLVED

2009-06-05 Thread Steve Gallivan
Flaky intermediate CA not being served up on the failed handshakes. From: Steve Gallivan Sent: Monday, June 01, 2009 5:51 PM To: openssl-users@openssl.org Subject: SSL Handshake question Hello, I apologize if this is an obvious NOOB question - my Google-Fu is not up to snuff on this one

RE: FIPS

2009-06-12 Thread Lovette, Steve
the weekend? Any insight you can provide is greatly appreciated. Steve Lovette -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Steve Marquess Sent: Monday, March 09, 2009 7:23 AM To: openssl-users@openssl.org Subject: Re:

RE: FIPS

2009-06-12 Thread Lovette, Steve
S. Zick Sent: Friday, June 12, 2009 11:29 AM To: openssl-users@openssl.org Subject: Re: FIPS On Fri June 12 2009, Lovette, Steve wrote: > Team > In the NIST list of FIPS 140-2 certified products & algorithms I do not see OpenSSL on that list. Are you embedding (hope) a certified prod

Re: OpenSSL FIPS Runtime Module

2009-06-20 Thread Steve Marquess
ng one-off binaries for individual end users is time lost to supporting the community as a whole. -Steve M. -- Steve Marquess Veridical Systems, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 301-524-9915 cell 301-887-2571 land/fax marqu...@veridicalsystems.com

Re: FIPS and cross compilation

2009-07-21 Thread Steve Marquess
e to modify the make files in >> order to use the right compiler where necessary. Is what I'm >> talking about really doable? >> > > Cross compiling isn't supported at all for the 1.2 validation. You > need to compile OpenSSL natively with unmodified sources followin

Re: OpenSSL FIPS Module version 1.2

2009-08-17 Thread Steve Marquess
he validation from scratch you might as well use the most up-to-date software which has a number of happy-to-glad improvements that can't be retroactively incorporated in the existing validation. -Steve M. -- Steve Marquess Open So

Re: FIPS

2009-09-29 Thread Steve Marquess
ing fipscanister.o, as that file can then be moved to a non-standard but ABI compatible platform. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Location of OpenSSL libraries

2009-10-19 Thread Steve Hay
I have a build script for some software that needs to locate the OpenSSL headers and libraries, and I have reports that it is failing to locate the libraries on some OSes. One example identifies itself (via 'uname') as: sunos open-solaris-noc 5.11 snv_95 i86pc i386 i86pc What is the default inst

RE: Location of OpenSSL libraries

2009-10-19 Thread Steve Hay
Victor B. Wagner wrote on 2009-10-19: > On 2009.10.19 at 16:30:14 +0100, Steve Hay wrote: > >> I have a build script for some software that needs to locate the >> OpenSSL headers and libraries, and I have reports that it is failing to >> locate the libraries on some

cant link local shared libs

2009-10-22 Thread Steve Alstrin
On Thu, 2009-10-22 at 09:53 -0500, Steve Alstrin wrote: Following is the output from the fipsld shell script. I followed the instructions for building the openssl-fips1.2 lib, then followed the instructions for building the openssl-0.9.8k lib referring to the fips lib. I can link a single

fipsld broken

2009-11-13 Thread Steve Alstrin
It appears that fipsld is fairly unusable in its current state; I found the 3 following errors with it so far. 1) fails to link shared libs with g++ 2) fails to link shared libs that link with other shared libs 3) fails to link executable that links to other shared libs. 4) fipsld requires ./fip

Post-2010 future of the OpenSSL FIPS Object Module?

2010-02-19 Thread Steve Marquess
icated validation we worked on took thirteen months, and the very first open source based validation took five years. It's not a speedy process and it can't be hurried once the paperwork is submitted to the CMVP, and that's the stage that consumes the most time. The s

Re: Post-2010 future of the OpenSSL FIPS Object Module?

2010-02-20 Thread Steve Marquess
le. So at this point I really don't know what the validity of certificate #1051 will be after 2010. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-

Re: Post-2010 future of the OpenSSL FIPS Object Module?

2010-02-20 Thread Steve Marquess
ve, even if only one such company has to foot the entire bill. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Re: OpenSSL 1.0.0 and FIPS

2010-03-30 Thread Steve Marquess
validated module won't be suitable as the basis for new validations beyond 2010. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Re: OpenSSL 1.0.0 and FIPS

2010-03-30 Thread Steve Marquess
. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com

Re: FIPS 140-2 post 2010

2010-04-16 Thread Steve Marquess
ve the financial resources. It's already mid April so we're also rapidly running out of time to have a validation completed before 2011. -Steve M. -- Steve Marquess Open Source Software institute marqu...@oss-institute.org

upgrading from 0.9.8l to 1.0

2010-06-01 Thread Steve Leland
I can see is that the writesocket() call in socket_write() returns a -1. Any suggestions on how to proceed? Running "openssl s_client -connect my.server.dns:443 -CAfile myCAFile" works fine when either openssl version is used by my serve

Re: RPMBuild for FIPS OpenSSL

2010-07-09 Thread Steve Marquess
per trail to prove you followed the peculiar and specific requirements of the Security Policy for generating the Module. IMHO there is really no point in trying to build it from source again and again. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road

Re: RPMBuild for FIPS OpenSSL

2010-07-09 Thread Steve Marquess
). The resulting binaries are functionally identical by any technical test that could be devised, yet one module is FIPS 140-2 validated and one isn't. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim R

Re: RPMBuild for FIPS OpenSSL

2010-07-11 Thread Steve Marquess
William A. Rowe Jr. wrote: > On 7/9/2010 9:05 AM, Steve Marquess wrote: > >> Mark Parr wrote: >> >>> Use of the FIPS OpenSSL is a mandated thing and not just something that we >>> are looking to do for the fun of it. In fact, the base OpenSSL was work

Re: OpenSSL 1.0.0a and FIPS

2010-07-14 Thread Steve Marquess
ct Module v1.2 ("FIPS 1.2") is compatible with 0.9.8x but not with 1.x. A new validation of a 1.x compatible FIPS object module will be needed, and as of now we have no sponsors. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road

Re: openssl FIPS 140-2 certificate after 2010

2010-07-15 Thread Steve Marquess
ectively as we'd had a lot of practice). Such work doesn't improve the publicly available OpenSSL product but it does help pay the rent. We'd much rather work on the open source software, however. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ep

Using external engine to achieve physical security

2010-07-27 Thread Steve Strobel
r them too. Looking through the archives for this mailing list I found references to the nCipher box, CryptoSwift cards, the cryptodev ENGINE aka OCF-linux, and smart cards. Are there other devices I should also research? Thanks for any suggestions. Steve --- Steve Strobel Link Communications,

Re: OpenSSL 1.0.0 FIPS module

2010-07-29 Thread Steve Marquess
are, but there is currently no one really representing that interest (the previous validations did receive significant financial support from the U.S. government and DoD, but that was all done on a one-off basis). -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephr

Re: building openssh with openssl-fips: cygwin can't find libcrypto

2010-07-30 Thread Steve Marquess
a general solution, or any solution at all. We can't of course put a fix where it belongs, in the OpenSSL FIPS Object Module source. If/when we do another validation we'll try to check the Cygwin platform. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount

RE: Adobe Acrobat Certificates?

2010-08-16 Thread Steve Roylance
p get one for you. Good Luck Kind Regards, Steve Roylance Business Development Director GlobalSign www.globalsign.com| www.globalsign.eu -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ivo welch Sent: 16 August 2010 01:21 To

RE: Adobe Acrobat Certificates?

2010-08-17 Thread Steve Roylance
lobalsign.co.uk/document-security-compliance/adobe-cds/ You can use the certificate viewer built into Adobe Acrobat or Reader to examine the profile of the certificates. Thanks. Steve -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On

RE: Adobe Acrobat Certificates?

2010-08-17 Thread Steve Roylance
his particular issue. Thanks Steve -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Crypto Sal Sent: 17 August 2010 05:30 To: openssl-users@openssl.org Subject: Re: Adobe Acrobat Certificates? On 08/16/2010 10:52 AM, Jakob B

Re: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc HP-UX 11

2008-04-15 Thread Steve Marquess
7#8 ... Thanks for the report. Unfortunately we can't fix the already validated product. I tried this just now on a HP-UX 11.11 (PA-RISC) system, no problem. Could you also try v1.2 (ftp://ftp.openssl.org/source/openssl-fips-1.1.2.tar.gz)? We won't be able to fix it their e

Re: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc HP-UX 11

2008-04-15 Thread Steve Marquess
Welling, Conrad Gerhart wrote: Well, Steve, if you had no problem, I'm inclined to believe that I am in error and that I didn't review the occurrence properly before reporting it. I'll report back when I've reviewed the issue again by confirming its occurrence (sta

Re: Openssl loading

2008-04-19 Thread Steve Marquess
ty the poor software vendor who wants to write technically sound and secure code that can be validated and exported. -Steve M. -- Steve Marquess Open Source Software institute [EMAIL PROTECTED]

Re: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc HP-UX 11

2008-05-01 Thread Steve Marquess
Welling, Conrad Gerhart wrote: Steve: Well, I put the IA64 build on the back burner. I downloaded the trial HP C compiler package and installed it on a HP-UX 11 PA-RISC2.0 platform on which I have tried to build openssl-fips-1.1.2. I've hit a snag (actually, a few) and spent a few

Re: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc HP-UX 11

2008-05-05 Thread Steve Marquess
Welling, Conrad Gerhart wrote: Steve: Here 'tis: --- Makefile --- FIPSPROD = openssl-fips-1.1.2.tar FIPSDIR = openssl-fips-1.1.2

Re: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc HP-UX 11

2008-05-06 Thread Steve Marquess
Welling, Conrad Gerhart wrote: Steve: 1. HP C trial version Appears that there are patches which must be applied to the (trial) HP C depot installation on my platform. I'm not a sysadmin, but, am assuming the role with this particular PA-RISC2.0 platform. I had assumed that the depot inc

Re: Status of FIPS 1.2

2008-05-31 Thread Steve Marquess
ow approval is probably only a few days or weeks away, and at which point I'll make a heads-up announcement. If it makes anyone feel any better, take it from me that there are other government validation/certification processes that are slower, more difficult, and more pointless than FIPS 14

Last argument of SSL_read and SSL_write

2008-06-21 Thread Steve Thompson
I'm curious as to why the last argument of SSL_read() and SSL_write() are typed as "int" and not size_t, when surely int is "wrong". I realize that it would be a huge effort to change now, but I wonder why it was done like this in the

DH Generator 2

2008-06-23 Thread Steve . Pauly
Does anyone have a technical reference on the use of special generator value 2 in DH keys? Steven Pauly Pitney Bowes GMS This email message may contain confidential, proprietary and/or privileged information. It is intended only for the use of the intended recipient(s). If you have received it

OpenSSL FIPS Object Module v1.2 status

2008-07-05 Thread Steve Marquess
w and that the validation will *probably* be awarded in a couple of weeks or so. Emphasis on the "probably" -- I have been wrong before. -Steve M. -- Steve Marquess Open Source Software institute [EMAIL PROTECTED]

Re: upgrading openssl 0.9.8b to openssl-fips-1.1.1

2008-07-18 Thread Steve Marquess
the final FIPS-validated RTM build cannot be built at this time. We do not know how long it's going to take for the validation to occur. When it is complete and fully-validated, Steve Marquess of the Open Source Software Institute will post the announcement here. Well put. Based

Re: FIPS compliant openssl on a linux x86_64 bit compile

2008-07-20 Thread Steve Marquess
.0.tar.gz. Any problems reported for v1.2 can't be fixed for the forthcoming validation, but we can fix them for any future validations. At this point v1.1.2 is sufficiently dated, and diverges enough from v1.2, that bug fixes are less likely to be relevant to the current development ba

Re: FIPS capable openssl shared library

2008-07-21 Thread Steve Marquess
It will be soon, though. Hopefully... -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED]

Re: FIPS 1.2

2008-08-01 Thread Steve Marquess
suspecting we may be looking at a more indeterminate delay. That's just a guess on my part, of course, sorry I can't be more definite. -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED]

Re: FIPS_mod_set() before/after SSL_library_init() ?

2008-09-14 Thread Steve Marquess
FIPS mode is turned on after SSL_library_init() but > before connecting to the remote host? > > FIPS_mode_set function must be called before SSL_library_init()? > No, FIPS_mode_set() can be called afterwards. It can even be called long afterwards, after performing crypto operations

Re: Openssl Fips Shared Library

2008-09-18 Thread Steve Marquess
ule is always generated as position independent code. The corresponding "FIPS capable" OpenSSL distributions ("fips" option) will automatically include it in the libcrypto shared library. -Steve M. -- Steve M

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread Steve Marquess
joshi chandran wrote: > how to link fipsld with the application .Can u please explain Please read the documentation: http://www.openssl.org/docs/fips/SecurityPolicy-1.1.2.pdf and http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf. -Steve M. -- Steve Marquess Open Source Software instit

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread Steve Marquess
approved algorithms) is another matter, but then you're not artificially constraining your options for identifying and correcting implementation vulnerabilities. -Steve M. -- Steve Marquess Open Source Software institute [EMAIL PROTECTED]

Re: FIPS fail

2008-10-09 Thread Steve Marquess
.7m.tar.gz and openssl-fips-1.1.2.tar.gz. Anyone got any comments on whether I've gotten this right? You did. -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED]
