Two new zips for Win32 and Win64 versions of OpenSSL 1.0.2n
can now be downloadable from the Wiki at:

PLEASE NOTE the EU in the URL, not BE, this is a new wiki server.  

There is one moderate security fix relating to badly written
applications that ignored SSL handshake errors and continuing to read
and write, then without SSL. I don't believe this ever effected ICS,
which mostly has good error handling.  

There is also a new alternate OpenSSL version available, 1.0.2m-fips
(still one release behind) that is supported by ICS V8.51 (overnight
zip and SVN).   

The Federal Information Processing Standard (FIPS) Publication 140-2,
is a US government computer security standard used to approve
cryptographic modules.  OpenSSL provides optional fips support that can
be compiled in, which includes an integrity self test (similar to
Microsoft code signing) and which limits some cryptography.  ICS V8.51
add support for OpenSSL 1.0.2m-fips, which needs a little extra code in
the application to initialise fips mode and run the self test, see the
OverbyteIcsHttpsTst and OverbyteIcsSslMultiWebServ SSL samples.

Beware that getting an application certified by an accredited third
party laboratory to FIPS 140-2 can take up to a year, and is very
onerous and expensive.  It will be necessary to prove the OpenSSL DLLs
were built from certified source code, and ICS can not provide such
proof.  So essentially you need to acquire approved Windows DLLs
elsewhere, and just use the ICS version for testing.


To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to