Hi Steve,

Thanks a lot for the reply. I have one more question. In order to use a FIPS 140-2 certified TPM hardware in OpenSSL FIPS enabled environment, do I have to add engine support in OpenSSL FIPS Object Module and go for private label?

Regards
Jayalakshmi

On Fri, Jul 4, 2014 at 8:14 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Fri, Jul 04, 2014, Jayalakshmi bhat wrote:
>
> > Hi All,
> >
> > We are using OpenSSL 1.0.1c along with OpenSSL FIPS object Module in our
> > product. Recently we have added TPM support. TPM chip is not FIPS
> > compliant. Hence in FIPS mode none of the SSL applications are working.
> >
> > I wanted inputs on the following questions. I would be grateful to receive
> > any help.
> >
> > 1. According to FIPS user guide *OpenSSL FIPS 140-2 User Guide : 2.6.2
> > Algorithms Available in FIPS Mode*, with the current TPM chip we cannot
> > make the device FIPS compliant. Is my understanding correct?
> >
>
> If the TPM chip is not FIPS compliant then nothing you can do will change
> that.
>
> If you consider it acceptable to use non-FIPS compliant algorithms in FIPS
> mode then there are ways to override the non-FIPS algorithm blocking. In the
> case of private keys you can set appropriate flags for example.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org