Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?
Dipak B
deepak.redmi2 at gmail.com
Wed Jul 3 17:35:12 UTC 2019
Hi,
Thank you for the quick answer.
Both the questions have subtle difference. My apology they appear almost
same.
So, to clear my doubts, following is my understanding
a) An application is FIPS 140-2 certified if and only if it links directly
to 'fipscanister.lib'.
b) Application which links to 'libcurl.lib' and has no direct called to
OpenSSL can be called as FIPS 140-2 certified if and only if the
libcurl.lib used is generated using 'fipscanister.lib'
Not To be said / just repetition
Application linking with ssleay.lib from FIPS capable OpenSSL is not FIPS
140-2 certified.
Regards,
Deepak
On Wed, Jul 3, 2019 at 10:37 PM Salz, Rich <rsalz at akamai.com> wrote:
> Didn’t you just ask this question? :)
>
>
>
> If you followed the Win32 build instructions **exactly** and you build
> your application to turn on FIPS mode and link against the canister, then
> yes.
>
>
>
> If you made changes to the process, then no.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190703/248e5cba/attachment.html>
More information about the openssl-users
mailing list