Will my application be FIPS 140-2 Certified under following conditions?
Jakob Bohm
jb-openssl at wisemo.com
Mon Jul 8 09:18:35 UTC 2019
On 08/07/2019 10:12, Dr Paul Dale wrote:
> I have to disagree with the “decision not to make a FIPS module for
> the current 1.1.x series” comment. Technically, this is true. More
> practically, 3.0 is intended to be source compatible with 1.1.x. Thus
> far, nothing should be broken in this respect.
>
The key word is "intended".
> If support for 1.0.2 is required beyond the end of this year, it is
> available: https://www.openssl.org/support/contracts.html
>
I am unsure if this is an affordable route for all affected users
and distributions (especially non-profit OS distributions).
>
> I’d also be interested to know what is wrong with the policy page?
>
Only that it states the policy of stopping 1.0.2 support at end of
2019, which would be fine if a FIPS-capable replacement had been
ready by now (as is fortunately the case for non-FIPS).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list