Steve, The FTP site does not appear to have any of the fips-1.1.2 files available. The HTTP site has the fips-1.1.2.tar.gz, but does not appear to have any of the signature files. Can you confirm the availability of these files?
Jim Adams -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Marquess Sent: Wednesday, February 06, 2008 1:45 PM To: openssl-users@openssl.org Subject: OpenSSL FIPS Object Module v1.1.1 patch (v1.1.2) now validated I've just been informed that we have received the long awaited official approval of the vulnerability fix for the OpenSSL FIPS Object Module v1.1.1. The patched version of that product is now known as v1.1.2 with the new validation certificate number 918 and can be downloaded from http://www.openssl.org/source/openssl-fips-1.1.2.tar.gz. Please note that the DSA algorithm has been removed from the validation because the rules for DSA changed and the code didn't. I am keenly aware that the effective revocation of the earlier validation more than a month before this patch was approved caused significant disruption for some users of the FIPS validated OpenSSL module. This incident demonstrates both business and operational risks with validated software that I won't belabor now. It also demonstrates the need for a more efficient evaluation process that takes into consideration the open and transparent nature of products such as the OpenSSL crypto module. OSSI will continue to push the OpenSSL validation process. We will also continue to work with the CMVP and other government agencies to try and facilitate the development and adoption of more efficient means of evaluating these products. -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
