Dear OpenSSL developers, currently, there are two FIPS certificates (#1111 and #1051) which state software version 1.2 (built upon OpenSSL 0.9.8) to comply with FIPS 140-2.
Both, the library (under certain environments) and the program (CLI frontend), have been validated (not certified). I'm unsure what that validation really means. Does it mean that following the policies leads to a software module that passes the predefined tests, or is there some more evidence that library and runtime do work correctly. Is there any documentation beyond the contents of the current projects website at http://www.openssl.org/ that shows the correctness of the implementation of the provided cryptographic functions? I guess that before and during validation process much more documentation must have been produced. Could you please point me there? TIA -- Christian ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
