Thanks Steve. This makes sense (i.e. newer versions subsuming older versions).
However given that 1.2 is no longer listed on the NIST website, that version can no longer be considered FIPS validated. This is an issue for deployed products that have depended on v1.2 for FIPS compliance.

-Ashit

On Thu, Mar 8, 2012 at 3:46 PM, Steve Marquess <marqu...@opensslfoundation.com> wrote:

> On 03/08/2012 01:43 PM, Ashit Vora wrote:
> > Hello,
> >
> > I searched the archives but did not find the answer to this question.
> >
> > What is the reason OpenSSL FIPS Object Module v1.2 is no longer listed
> > as FIPS validated? It seems only v1.2.3 is now listed:
>
> That's because the original validation #1051 has been extended to
> include additional platforms. Each such extension resulting in a change
> to the software (each set of extensions, actually) results in an
> incremented module revision number, now at 1.2.3. The functionality of
> revision 1.2.3 completely subsumes that of prior revisions, hence
> reference to those has been dropped. There is no reason to use any
> earlier revisions for any new product development or deployment, but
> deployed instances of earlier revisions remain valid.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@opensslfoundation.net