Blasdel, Jerry wrote:
All,
Is there a 0.9.8 version of OpenSSL that is fips compliant? Steve
thought there would be one available possibly around February/March
timeframe of this year.
Alas, that schedule has slipped. We lost a month plus due to the
unexpected ordeal of getting the vulnerability patch to the v1.1.1
validated product approved. In addition the number of test platforms
(eight) for the ongoing v1.2 validation has consumed much more time than
I'd estimated due to difficulties with procuring necessary hardware and
software. Unfortunately the formal submission for government review
doesn't happen until *all* testing is completed on *all* platforms.
We're almost done with the last platform, 64 bit Windows. That caused
an inordinate amount of delay and in hindsight I would have dropped it
from the validation.
Then the real wait begins. I'm hesitant to even guess at a final
completion date. The backlog for CMVP review is apparently running at
six months or more, that would take us out until August at the earliest.
Still fast compared to the first validation which took over five years.
I had hoped to get the cycle down to under a year, but FIPS 140-2
validations will never be fast compared to software product life cycles.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
