On Mon, 26 Jan 2015 22:35:12 -0500 Tom Francis <thomas.francis...@pobox.com> wrote:
> This is a bad idea. It can generally be done, and it’s probably not > even too hard (for some uses, anyway). But it’s a bad idea. Here’s > why: Thanks for the detailed comments. I understand the concerns, although there's one thing I do not see clearly, that is: > 2) Applications that don’t know they’re operating in FIPS > mode may attempt to use algorithms that are disallowed in FIPS mode, > but using an API that will actually succeed. How could this happen ? Do you have a practical use case ? Wouldn't OpenSSL in FIPS mode prevent the use of such algorithm in the first place ? Regards. _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users