Given the response...

Is there intention that the 0.9.8 branch be maintained past the 'n'
patch release for any future discovered security issues either in
openssl-0.9.8 code or SSL/TLS protocols as implemented on 0.9.8?

I assume the 2010 limit on new validations is the impending finalization
of 140-3.

As a footnote, having obtained certification previously on a subset of
our products, I understand and well appreciate the cost and headache
factors involved.

Thanks,

Woody

Steve Marquess wrote on 03/29/2010 06:47 PM:
> Gatewood (Woody) Green wrote:
>> I noticed in trying to build OpenSSL 1.0.0 that Configure no longer
>> accepts the fips and --with-fipslibdir= arguments (as do all 0.9.8
>> versions since "j" for building in conjunction and with inclusion of
>> openssl-fips-1.2).
>>
>> Are we awaiting another certification pass of an updated canister beyond
>> openssl-fips-1.2?
>>   
> 
> Yes.
> 
>> Is there something significant in the 1.0.0 that fundamentally changes
>> the API?  Or is this more of a case of dual branch development and the
>> changes made since 0.9.8j just did not get merged into the 0.9.9/1.0.0
>> branch?
>>   
> 
> Yes, 1.0.0 is sufficiently different that the existing OpenSSL FIPS 
> Object Module isn't compatible.
> 
> We'd like to implement the FIPS module functionality into 1.0.0 but just 
> as for the past validations we're pretty much stuck until and if 
> sponsor(s) step forward to fund that effort.  In addition to the 
> substantial amount of coding work the test lab fees are far beyond our 
> means without such financial backing. 
> 
> Note also that the rules for FIPS 140-2 validations are changing and 
> even the original 0.9.8 compatible validated module won't be suitable as 
> the basis for new validations beyond 2010.
> 
> -Steve M.
> 

-- 

-----------------------------------------------------------------------
Gatewood Green                      Sr. Software Engineer/Network Admin
Email:                                          wo...@nitrosecurity.com
http://www.nitrosecurity.com/                             NitroSecurity
-----------------------------------------------------------------------

Imagine, if you will, a world in which there are no hypothetical
situations...

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
