On Tue, Mar 8, 2011 at 8:25 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Mon, Mar 07, 2011, Kyle Hamilton wrote:
In order to achieve compliance, you must follow the instructions in the
Security Policy to the letter.
This means that you must:
- download and read the security policy
-
Kyle Hamilton wrote:
...
Note that compliance cannot be truly determined programmatically.
So, it's also a good idea to generate multiple hashes (sha-1,
sha-256, ripemd160, etc) over the fipscanister and associated files,
print them out, and commit to them (physically sign them) as a
On Mon, Mar 07, 2011, Kyle Hamilton wrote:
In order to achieve compliance, you must follow the instructions in the
Security Policy to the letter.
This means that you must:
- download and read the security policy
- download the openssl-fips-1.2.0.tar.gz
- verify its integrity according to
In order to achieve compliance, you must follow the instructions in the
Security Policy to the letter.
This means that you must:
- download and read the security policy
- download the openssl-fips-1.2.0.tar.gz
- verify its integrity according to the security policy
- follow the precise
In the example of building the openssl FIPS *capable* distribution, it
seems one should take the distribution from the official
openssl.org/source website and validate it using PGP. However,
FreeBSD ships an openssl distribution within its source tree.
You must follow the instructions contained
On 3/6/2011 3:48 PM, Tim Hudson wrote:
In the example of building the openssl FIPS *capable* distribution, it
seems one should take the distribution from the official
openssl.org/source website and validate it using PGP. However,
FreeBSD ships an openssl distribution within its source tree.
Hello openssl-users:
I asked on the FreeBSD security list but perhaps this one is more
apropos. Our company has been tasked to ship a FIPS compliant version
of openssl on top of our FreeBSD based product. I am confused on what
distribution I am allowed to use to create a FIPS compliant release.