[If this is posted a 2nd time, my apologies, I believe my subscription was broken]
We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1) and I'd like to test out this set of assumptions (or maybe they are 'assertions'):

- In the context of OpenSSL, FIPS compliance is all about algorithm choice. In FIPS mode (FIPS_mode_set() returns success), weaker algorithms are disabled and OpenSSL returns an error if use of them is attempted in FIPS mode.
- As long as one side of the connection insists that FIPS-approved algorithms be used, and as long as the other side is capable and agrees, then the two negotiate only a FIPS-approved algorithm.
  o Both sides might be implemented with OpenSSL, but only one of them has to be running in FIPS mode for the negotiation to choose a FIPS algorithm.
  o If one side is not implemented with OpenSSL, the same is still true: as long as it can negotiate a shared cipher with a process running in FIPS mode, FIPS compliance is still achieved.
- Technically the phrase 'FIPS compliant' refers to the software capability; it does not describe the quality of an end-to-end connection. That is, if a running program is 'FIPS-compliant' it will ensure that a safe connection will be negotiated, where 'safe connection' means 'a connection using a FIPS-approved algorithm'.

Having written these, they now seem like dumb questions, but I'd rather have affirmation of assertions and appear dumb than do the wrong thing based on a wrong assumption.

Thanks for your advice (Steve M...)

+-+-+-+-+-+-+
Dave McLellan, Symmetrix Software Engineering
EMC Corporation, 176 South St, Hopkinton MA
Mail Stop 176-B1 1/P-36
office 508-249-1257, fax 508-497-8027
cell 978-500-2546
+-+-+-+-+-+-+
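
Added example, not part of the original message and not OpenSSL code: a small Python model of the cipher-suite selection described in the message's second assumption, including the case where the peers share no approved suite. The suite table and the approved cipher/MAC sets are constructed and simplified, and the model covers only which suite gets selected, not whether either peer's cryptographic module is validated.

```python
# Added illustration; a model of TLS suite selection, not OpenSSL code.
# Constructed, simplified table: OpenSSL suite name -> (bulk cipher, MAC).
SUITES = {
    "AES256-SHA": ("AES", "SHA1"),
    "AES128-SHA": ("AES", "SHA1"),
    "DES-CBC3-SHA": ("3DES", "SHA1"),
    "CAMELLIA256-SHA": ("CAMELLIA", "SHA1"),
    "RC4-SHA": ("RC4", "SHA1"),
    "RC4-MD5": ("RC4", "MD5"),
}
# Assumption for this model: the algorithms treated as FIPS-approved.
APPROVED_CIPHERS = {"AES", "3DES"}
APPROVED_MACS = {"SHA1"}


def is_approved(suite):
    cipher, mac = SUITES[suite]
    return cipher in APPROVED_CIPHERS and mac in APPROVED_MACS


def fips_filter(suites):
    """Suites a peer running in FIPS mode is willing to offer or accept."""
    return [s for s in suites if is_approved(s)]


def negotiate(client_offer, server_accepts):
    """Return the first client-preferred suite the server accepts, or None
    when there is no overlap (the handshake fails)."""
    for suite in client_offer:
        if suite in server_accepts:
            return suite
    return None


def scenarios():
    legacy_client = ["RC4-MD5", "RC4-SHA", "AES128-SHA", "AES256-SHA"]
    rc4_only_client = ["RC4-MD5", "RC4-SHA"]
    any_server = list(SUITES)
    return {
        "neither side FIPS": negotiate(legacy_client, any_server),
        "server FIPS only": negotiate(legacy_client, fips_filter(any_server)),
        "client FIPS only": negotiate(fips_filter(legacy_client), any_server),
        "FIPS server, RC4-only peer": negotiate(rc4_only_client, fips_filter(any_server)),
    }


if __name__ == "__main__":
    for name, chosen in scenarios().items():
        print(f"{name}: {chosen or 'handshake failure'}")
```

With neither side restricted, the model selects a non-approved suite; with either side filtered, the result is an approved suite or no connection at all.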