Use of -no-ec when building the FIPS capable openssl doesn’t affect the FIPS
module at all, and therefore doesn’t affect any statements you can make
regarding FIPS 140 compliance. The -no-ec option will prevent elliptic curve
cryptography from being used in OpenSSL when NOT using the FIPS modul
Hi Jeffrey,
I used openssl_fips 1.2 with openssl 0.9.8l. and planning to upgrade
openssl-0.9.8l to 0.9.8za with -no-ec option. Please let me know is it
break my fips compliance.
Thanks,
Gayathri
On Fri, Aug 8, 2014 at 11:09 AM, Jeffrey Walton wrote:
> On Fri, Aug 8, 2014 at 1:11 AM, Gayathri
On Fri, Aug 8, 2014 at 1:11 AM, Gayathri Manoj wrote:
>
> Please let me know openssl-0.9.8za with -no-ec option is fips compliant or
> not.
No. If you want FIPS validated crypto, then you need one of the
openssl-fips-*-tar.gz downloads. They produce the FIPS Object Module.
openssl-0.9.8xxx is FIP
Hi All,
Please let me know openssl-0.9.8za with -no-ec option is fips compliant or
not.
Thanks,
Gayathri
