On Thu, Oct 27, 2005, [EMAIL PROTECTED] wrote: > Hi list, > > [Sorry for the repost, since I accidentally sent > the unfinished version] > > Just a dummy question about OpenSSL's compliance > to the FIPS standard: > > Is OpenSSL (0.9.7 series, 0.9.8a) is fully in > coordination to the FIPS standard (e.g. 140-2)? > (I mean the crypto modules) > > In order to enable FIPS, one has to config the > build by adding "-DOPENSSL_FIPS", is this enough? >
OpenSSL has not been certified but OpenSSL 0.9.7 (only) is currently under test. The FIPS changes are not currently in 0.9.8 or later versions of OpenSSL. If all goes well a FIPS compliant 0.9.7 will be made available along with various other documents detailing how a linked application can be made compliant. You have to (among other things) compile OpenSSL 0.9.7 with the "fips" option to Configure and enable FIPS mode in the application. This places other restrictions on the application (for example non-FIPS algorithms cannot be used). Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
