The FIPS module source code can’t be changed without losing validation.
Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 22 Oct 2019, at 11:46 pm, Salman Baset <salman.a.ba...@gmail.com> wrote: > > Thank you very much. This is helpful. Will the support also include any > updates to the FIPS compatible part, or is that out of scope because any > update essentially invalidates existing FIPS cert for potential use? > > > On Mon, Oct 21, 2019 at 11:56 AM Dr Paul Dale <paul.d...@oracle.com > <mailto:paul.d...@oracle.com>> wrote: > The EOL date for OpenSSL 1.0.2 will not be extended. > > It is possible to purchase premium level support which will provide 1.0.2 > updates beyond its normal end of life. See: > https://www.openssl.org/support/contracts.html#premium > <https://www.openssl.org/support/contracts.html#premium> > > > Pauli > -- > Dr Paul Dale | Distinguished Architect | Cryptographic Foundations > Phone +61 7 3031 7217 > Oracle Australia > > > > >> On 21 Oct 2019, at 9:11 pm, Salman Baset <salman.a.ba...@gmail.com >> <mailto:salman.a.ba...@gmail.com>> wrote: >> >> Hello everyone, >> >> I was wondering if there is any update on getting a new FIPS-validated >> module for OpenSSL by the end of this year (before EOL of 1.0.2), as was >> mentioned in this blog post: >> https://www.openssl.org/blog/blog/2018/09/25/fips/ >> <https://www.openssl.org/blog/blog/2018/09/25/fips/> >> >> According to this email, the new FIPS module is dependent on OpenSSL 3.0, >> whose release timing is not certain yet. >> https://mta.openssl.org/pipermail/openssl-users/2019-February/009836.html >> <https://mta.openssl.org/pipermail/openssl-users/2019-February/009836.html> >> >> I will appreciate if someone can provide an update on the new FIPS timeline >> as that will help folks who are looking to depend on OpenSSL's >> FIPS-validated modules in the next 6-9 months or so. >> >> Lastly, is there any chance of extending the EOL date of OpenSSL 1.0.2 till >> the new FIPS module/OpenSSL 3.0 becomes available? >> >> Thanks >> Salman >
