[openssl-users] End of the line for the OpenSSL FIPS Object Module?

Steve Marquess marquess at openssl.com
Wed Feb 25 14:08:00 UTC 2015

As always, if you don't know or care what FIPS 140-2 is count yourself
very, very lucky and move on.

The open source based OpenSSL FIPS module validations now date back over
a decade, a period during which we've encountered many challenges.
We have recently hit an issue that is apparently inconsequential on its
face, but which threatens to bring an end to the era of the open source
validated module. This is a situation that reminds me of the old "for
want of a nail..." ditty (https://en.wikipedia.org/wiki/For_Want_of_a_Nail).

Tedious details can be found here:


The short take is that for now at least the OpenSSL FIPS Object Module
v2.0, certificate #1747, can no longer be updated to include new
platforms. This development also wrecks the already marginal economics
of tentative plans for a new open source based validation to succeed the
current #1747. So, the #1747 validation may be the last of the
collaborative open source FIPS modules.

If you are a stakeholder currently using the OpenSSL FIPS module, or
with a desire to use it or successor modules (either directly or as the
basis for a "private label" validation), this is the time to speak up.
Feel free to contact me directly for specific suggestions or to
coordinate with other stakeholders.

-Steve M.

Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list