Hello, When building openssl in FIPS 140-2 mode, the MD5 algorithm is not available for use. There are, however, several RFCs that mandate the use of MD5. Would it be possible to partition a system into a FIPS 140-2 part (more security critical parts, e.g SSL) and one other part that can include support for RFCs that mandate MD5 (e.g. TCP MD5 checksum option, PPP CHAP, etc.). Would it be possible to FIPS 140-2 validate such a system? What would the requirements be regarding the partitioning?
Any pointers to where I can find more info on this topic would be much appreciated. /Roger _________________________________________________________________ Med Windows Live kan du ordna, redigera och dela med dig av dina foton. http://www.microsoft.com/sverige/windows/windowslive/products/photo-gallery-edit.aspx