[openssl-dev] [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd
Stephen Henson via RT
rt at openssl.org
Fri Mar 13 22:51:30 UTC 2015
On Fri Mar 13 21:00:30 2015, Santosh.Rath at ca.com wrote:
> Thank you Stephen,
>
> Since the product is already build on
> openssl.0.9.8.r, and if we upgrade it to openssl0.1.1l then there
> could be lot of change in terms of API what our product use.
Well if you'd used any OpenSSL 0.9.8 using
./config fipscanisterbuild
then the result would not be FIPS compliant as you weren't using the validated
FIPS module. In outline you need to download the FIPS module appropriate for
your version of OpenSSL. For 0.9.8 the latest is 1.2.4 you can get it from:
https://www.openssl.org/source/old/fips/openssl-fips-1.2.4.tar.gz
Extract the tarball. Build and install using:
./config fipscanisterbuild
make
make install
Download OpenSSL 0.9.8 latest tarball currently:
https://www.openssl.org/source/openssl-0.9.8ze.tar.gz
and extract it. Then do:
./config fips
make
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list