Re: [openssl-users] FIPS Certification

Wed, 27 Jan 2016 08:55:05 -0800 

The unfortunate people who are legally required to use
FIPS-validated crypto are legally restricted to use
*only* the crypto sw/hw on the FIPS validated list and
*only* in the specific configurations (OS etc.) listed
for each on that list.

Everybody else is better off not trying to use FIPS-
restricted modes and setups.

Those who make software for use by the unfortunate
people obviously have to stay within the limits of
what they are allowed to use, but only in software
for them.

On 27/01/2016 17:34, Imran Ali wrote:

I might be asking asking a very basic question so do apologies upfront but I 
need to have  a clear understanding on this.
The platforms mentioned under #1747 and #2473 does not contain the latest 
versions of Operating System e.g. Windows 2012 R2 and Windows 10. Does this 
have any impact on the certification or these libraries can now be used on any 
OS.
Regards,
Imran
-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Jakob Bohm
Sent: 27 January 2016 15:54
To: openssl-users@openssl.org
Subject: Re: [openssl-users] FIPS Certification
On 27/01/2016 16:24, Imran Ali wrote:

All,
Looking at the website
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
There is a new date of 01/25/2016 under Validation against OpenSSL
Software Foundation <http://openssl.com/> (2473). Does that mean that
we now have a FIPS compliant Open SSL again?**
**

According to yesterday's post by Steve Marquess, the platforms listed under 
validation #1747 and
#2473 are OK (for now), but the platforms listed under validation #2398 are 
still at risk unless
#2398 too gets updated before January 31.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to