[openssl-users] FIPS Certification

Jakob Bohm jb-openssl at wisemo.com
Wed Jan 27 16:54:21 UTC 2016


The unfortunate people who are legally required to use
FIPS-validated crypto are legally restricted to use
*only* the crypto sw/hw on the FIPS validated list and
*only* in the specific configurations (OS etc.) listed
for each on that list.

Everybody else is better off not trying to use FIPS-
restricted modes and setups.

Those who make software for use by the unfortunate
people obviously have to stay within the limits of
what they are allowed to use, but only in software
for them.

On 27/01/2016 17:34, Imran Ali wrote:
> I might be asking asking a very basic question so do apologies upfront but I need to have  a clear understanding on this.
> The platforms mentioned under #1747 and #2473 does not contain the latest versions of Operating System e.g. Windows 2012 R2 and Windows 10. Does this have any impact on the certification or these libraries can now be used on any OS.
> Regards,
> Imran
> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Jakob Bohm
> Sent: 27 January 2016 15:54
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] FIPS Certification
> On 27/01/2016 16:24, Imran Ali wrote:
>> All,
>> Looking at the website
>> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
>> There is a new date of 01/25/2016 under Validation against OpenSSL
>> Software Foundation <http://openssl.com/> (2473). Does that mean that
>> we now have a FIPS compliant Open SSL again?**
>> **
> According to yesterday's post by Steve Marquess, the platforms listed under validation #1747 and
> #2473 are OK (for now), but the platforms listed under validation #2398 are still at risk unless
> #2398 too gets updated before January 31.
>

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160127/c14b9029/attachment-0001.html>


More information about the openssl-users mailing list