> [[email protected] - Fri Dec 17 11:56:52 2010]:
>
> When the OpenSSL source code is re-validated, please consider allowing
> folks to remove the algorithms. There are a few reasons to allow the
> removal of unused algorithms:
>

There is no real need to do this. The validated tarball is there only to produce the validated module fipscanister.o, which contains only FIPS validated algorithms and, of those you listed above, only contains 2DES and 3DES.

It should be possible to exclude algorithms from the FIPS capable version of OpenSSL, apart from the DES related algorithms. If not, that's a bug that will be fixed.

We didn't exclude no-xxx and other command line options (such as the install path) from the validated build procedure out of choice. We were required to enforce this in the security policy. The only way to have them supported in future would be to treat every no-xxx combination as a separate module.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
