No mention of whether or not this will apply to EVERYTHING in a program, or
will it be left to administrative guidance. Your thoughts, for example, on a
“FIPS mode” flag for SSL or SSL_CTX? At a minimum, that needs to be listed as
a stakeholder requirement (from Akamai).
From: "t...@openssl.org" <t...@openssl.org>
Reply-To: "email@example.com" <firstname.lastname@example.org>
Date: Wednesday, March 14, 2018 at 5:33 AM
To: "email@example.com" <firstname.lastname@example.org>
Subject: [openssl-project] OpenSSL FIPS Wiki Update
I've edited that to be closer to the list of items we are discussing and to
remove things which looked like commitments that are out of scope of our
As always, feedback is welcome - but we have had a few people referencing that
out of date information so I fixed at least that issue (hopefully).
openssl-project mailing list