Hi, I have a different requirement. I want to release openssl 0.9.8j as a normal openssl release. I do not want to release a FIPS-capable openssl. If I remove the fips option in configure, will it generate the normal openssl (without FIPS capability), including all the functionality that is in openssl 9.8h?
Please help.

Thanks,
joshi

On Wed, Nov 19, 2008 at 6:31 PM, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:

> On Tue, Nov 18, 2008, Brad House wrote:
>
> > I'm pretty ignorant when it comes to FIPS, is this a limitation of the
> > FIPS requirements itself or a limitation of OpenSSL's FIPS validation?
>
> It is a FIPS requirement.
>
> > Any idea how many root CAs use MD2WithRSAEncryption or any way to work
> > around it? It appears to be a Verisign cert ...
>
> That is the only one I know of. It is only the root CA's self signature
> that uses that algorithm, subordinates use SHA1+RSA.
>
> If a self signed root CA using SHA1+RSA existed that would solve things. I've
> not seen one though and browsers and such like have the MD2 version.
>
> It could also be argued that the self signed signature check is redundant so
> that could be disabled.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]

--
Regards
Joshi Chandran