On 07/07/2011 06:54 PM, Nilesh Vaghela wrote: > Hi, > We are interested in testing FIPS + DTLS. Can we test DTLS + FIPS ? >
DTLS is handled by the "FIPS capable" OpenSSL and is compatible with the restricted set of algorithms permitted in the FIPS mode of operation, so it should work. In general anything you can do with the regular OpenSSL libraries that only uses the cryptographic algorithms allowed by FIPS 140-2 should still work with the "FIPS capable" OpenSSL (the OpenSSL FIPS Object Module plus OpenSSL built with the "fips" option). A lot of effort went into designing the FIPS module to make that compatibility possible. Note as a happy consequence that an existing application that uses OpenSSL for all cryptography can usually be readily converted to use FIPS validated cryptography. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
