The OpenSSL FIPS 140-2 User Guide says: "The FIPS Object Module provides an API for invocation of FIPS approved cryptographic functions from calling applications, and is designed for use in conjunction with standard OpenSSL 0.9.8 distributions beginning with 0.9.8j. Note: OpenSSL 1.0.0 is not supported for use with the OpenSSL FIPS Object Module. These standard OpenSSL 0.9.8 source distributions support the original nonFIPS API as well as a FIPS mode in which the FIPS approved algorithms are implemented by the FIPS Object Module and nonFIPS approved algorithms other than DH are disabled by default. These nonvalidated algorithms include, but are not limited to, Blowfish, CAST, IDEA, RCfamily, and nonSHA message digest and other algorithms."
However, on my installation, the 'openssl version' command reports: OpenSSL 1.0.0-fips 29 Mar 2010 The seems to contradict the note above: "OpenSSL 1.0.0 is not supported for use with the OpenSSL FIPS Object Module." What exactly is the 'openssl version' command telling me in this case? Are "standard OpenSSL" version numbers different from "OpenSSL FIPS Object Module" version numbers? If so, how do they relate? Any clarification on this topic would be much appreciated. Thanks, Keith Welter ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
