On Fri, 2009-08-28 at 10:36 -0400, Steve Marquess wrote:
> Steve Marquess wrote:
> > Mark Phalan wrote: ...
> > > Due to the way the FIPS Capable OpenSSL is built it ends up with
> > > older implementations of ciphers (all the ones that fipscanister.o
> > > implements). These cipher implementations are used regardless of
> > > being in FIPS mode or not.
> >
> > Ummm, not so. Use the OpenSSL FIPS Object Module v1.2 (the
> > fipscanister.o part *only*, throw the rest away!) along with a
> > current version of OpenSSL 0.9.8 for everything else. That way the
> > old but validated crypto implementations in fipscanister.o are used
> > in FIPS mode, the standard unvalidated (and current) ones in 0.9.8k+
> > are used when not in FIPS mode.
> >
> > The FIPS capable build process is discussed in the User Guide
> > document noted above.
>
> Mark, on reflection and a gentle reminder from Steve Henson I realize
> I've rather bungled this answer above. Rather than repeat my earlier
> mistake of banging out a quick response on the fly I'll give a more
> thoughtful statement when I can give it the attention it deserves
> (hopefully over the weekend).

Ok, no worries. Thanks for helping me out.

-M
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org