Title: RE: Inclusion of FIPS
Jeffrey Altman wrote
There are a couple of things that have been bothering me.
(1) I'm not sure the use of .SHA1 files is going to work
long term on Windows. First, they are unmanageable
when it comes to patches. Second, Windows itself
modifies the .EXE/.DLL
Hi,
this (openssl-dev) is indeed the wrong list. openssl-users might be
better suited, but your problem seems to be application / configuration
related.
imapd-ssl: couriertls: read: error:140943FC:SSL routines:
SSL3_READ_BYTES:sslv3 alert bad record mac
I've had 'bad record mac' errors when
Dear,
Has OpenSSL already checked that there is no influence of [NISCC-006489/SMIME] ?
Did the OpenSSL development team use the NISCC test suite for S/MIME ?
Since it did not understand whether it checked, it mailed.
[NISCC-006489/SMIME]
I have a couple of questions about the FIPS-140 stuff:
1) I don't see any Diffie-Hellman code in the fips part of the source
tree except for the dh_test() function in fips_test_suite.c. Will DH be
available to use in an application that will be running in FIPS mode
without violating the
Steve:
Thank you for the answer.
Just fyi, I and Richard Levitte did spend time to get the code to
work on Windows to the extent that was possible without an
answer to the questions you have now answered.
One concern with your answer is that it appears to imply that
FIPS certification can
In message [EMAIL PROTECTED] on Thu, 13 May 2004 17:42:51 -0400, Jeffrey Altman
[EMAIL PROTECTED] said:
jaltman One concern with your answer is that it appears to imply that
jaltman FIPS certification can only be useful to applications which
jaltman statically link in all libraries. Therefore,
Jeffrey Altman wrote:
Steve:
Thank you for the answer.
Just fyi, I and Richard Levitte did spend time to get the code to
work on Windows to the extent that was possible without an
answer to the questions you have now answered.
One concern with your answer is that it appears to imply that
FIPS
Ben Laurie wrote:
My understanding is that our security policy is that if you can show a
chain of SHA-1 HMAC signatures from the certified source to
whatever-it-is-you-are-running, then you are certified. We provide one
mechanism to do that. You can provide others.
Note that the chain of