sorry we diddn't get to this sooner. we're only taking 1.0.1 security fixes now. and if you so much as *sneeze* on source code, you need a FIPS change letter :) -- Rich Salz, OpenSSL dev team; rsalz at openssl.org