[openssl-users] OpenSSL FIPS (0.9.8) coexisting with non-FIPS (1.0.1)
ndadoun at teradici.com
Fri Jan 16 21:23:59 UTC 2015
We are currently using FIPS and non-FIPS builds of 0.9.8 where a configuration setting can select FIPS or non-FIPS mode, loads the appropriate build and populates a function table which is used by the code for OpenSSL functionality.
We would like to update the non-FIPS build to a later version (e.g. 1.0.1) which has support for TLS 1.1/1.2 (etc.) which could then co-exist with the increasingly insecure but certified FIPS build in this way.
Has anybody tried this? Any gotchas come to mind? E.g. does a canister need to be used for the non-FIPS? Are there any major API changes between the two (besides APIs and/or parameter values which have been added or extended)? Is this a crazy thing to do?
Thanks in advance for any relevant comments! ... N
More information about the openssl-users