Tolga Acar wrote: > Well, that is sort of my point. > SHA1 is not a signature algorithm, sha1-with-rsa is, and that RSA is not > a certified algorithm in OpenSSL's FIPS 140 certification, > sha1-with-rsa isn't, either. > Perhaps, my understanding of the OpenSSL FIPS 140 certification is not > entirely accurate.
My fault. RSA is not validated (there are no validation tests for it), but it will be in the code we are submitting for certification. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
