Hello,
We are including openssl in a development platform. We are seeing more and more
requests from our customers for the FIPS validated version of OpenSSL. I am now
trying to understand what it would mean to include the FIPS validated platform
in our development platform.
Currently, the FIPS validated openssl version is based on 0.9.7 (I believe it
is based on 0.9.7i). How are newer releases of Openssl 0.9.7 handled? Is it
possible to upgrade to the latest openssl 0.9.7 without voiding the FIPS
certification? This FAQ, http://oss-institute.org/fips-faq.html, claims
upgrades can be made without affecting the validation. However, the FAQ is
quite old, last update in July 2004. Is this valid?
Can you change some #include statements in header files in the fips module
without voiding the certification?
Regards Roger
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
