[openssl-users] FIPS 140-2 X9.31 RNG transition expenses

Steve Marquess marquess at openssl.com
Thu Dec 3 15:57:13 UTC 2015

On 12/03/2015 10:41 AM, R C Delgado wrote:
> ...
> BTW, I had guessed why FIPS certification questions don't get answered:
> it's all about funding, but thank you for explaining it in your email.
>>>... FIPS validation business; it has gone
> from economically marginal to unsustainable and as a result we'll
> probably be shutting down the corporate entity that does the FIPS
> validation work at the end of this year. I want to turn off the lights
> while that business is still (barely) in the black...
> I think a formal statement should be posted on the OpenSSL website, so
> that all (FIPS) users know the level of support to expect.

We already have, in the form of a blog entry:


That's still an accurate representation of the situation. We'll continue
to try to do "change letter" updates for the existing 2.0 OpenSSL FIPS
module for as long as that remains possible. The CMVP has recently
introduced a number of new policies and practices with a possibly
significant impact on existing validations; at this point I really don't
know what the future holds.

I'll blog again when I know the outcome of the X9.31 RNG transition issue.

-Steve M.

Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list