On Tue, Aug 3, 2010 at 13:17, William A. Rowe Jr. <wr...@rowe-clan.net> wrote: > On 8/3/2010 10:05 AM, Bryan wrote: >> I see a "fips" directory in 0.9.8o. If I'm building OpenSSL with FIPS >> on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile? > > This is well documented in the FIPS user guide and security policy, and > if you haven't read them in detail, what you are compiling undoubtedly > does not conform to the mandatory FIPS policy. >
I've been building it the same way for several days (first the FIPS module in openssl-fips-1.2), then OpenSSL. But why is there a "fips" directory in 0.9.8o? And why doesn't OpenSSL create libs that will work with OpenSSH when I try to build it in Cygwin? I need a "libcrypto.a", not ssleay.lib or make OpenSSH use ssleay.lib. I can't modify anything in order to stay "FIPS compliant", and I can't seem to get OpenSSH to build with a fips-compliant OpenSSL, which is what I really care about anyway. What kills me is that it looks like that what I'm doing is some kind of foreign idea... running fips enabled openssh on a Windows box. What documentation I find is either old, and no longer applicable, or no one has ever come up against this, presumably because either gave up themselves, or fudged it, and are really not using "FIPS" enabled openssh. Regards, Bryan Brake ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
