Thanks David and Kyle for your time.
Kyle,
"though current practice includes "procurement", not necessarily "implementation""
I did not understand the above statement. Can you elaborate?

thanks
Srinivas


On Sat, Feb 21, 2009 at 3:11 AM, Kyle Hamilton <aerow...@gmail.com> wrote:

> Default OpenSSL can understand and speak the cryptographic algorithms
> that FIPS can validate.  This does not mean that it is FIPS validated.
> (For example, if it can accept MD5 for anything other than
> establishing the premaster secret, it's not FIPS validated or even
> FIPS validatable.)  This is an interoperability issue -- OpenSSL tries
> to be interoperable, as much as it can.  (This is in marked contrast
> to other implementations, such as Windows's up to and including Server
> 2003.)
>
> FIPS validated cryptography is mandated on endpoints which handle
> sensitive information by the US Federal Government (though current
> practice includes "procurement", not necessarily "implementation").
>
> You cannot claim FIPS validation at your server simply because it can
> talk to FIPS-validated clients.  Your server must also be
> FIPS-validated, which means that it must use a validated cryptographic
> module in accordance with that module's security policy.
>
> -Kyle H
>
> On Thu, Feb 19, 2009 at 10:23 PM, smitha daggubati <smithad...@gmail.com>
> wrote:
> > Hello all,
> > I have a general query regarding FIPS mode. I am running a simple openssl
> > https server based on openssl that services https requests from Windows
> > clients. I have the following setting in my Windows XP "Use FIPS compliant
> > algorithms for encryption, hashing and signing set to 1".
> > Using IE on a Windows XP client with the above setting I am able to
> > communicate with an openssl command line https server. I don't have FIPS
> > enabled on my openssl command line tool. Then how come I am able to handle
> > requests from a Windows machine which has the FIPS setting set to 1?
> >
> > Now is it ok to say I am FIPS compliant on the server side because I am
> > handling FIPS requests from clients?
> >
> > thanks in advance for your time.
>
