[openssl-users] OpenSSL FIPS (0.9.8) coexisting with non-FIPS (1.0.1)

Nou Dadoun ndadoun at teradici.com
Fri Jan 16 21:23:59 UTC 2015

We are currently using FIPS and non-FIPS builds of 0.9.8 where a configuration setting can select FIPS or non-FIPS mode, loads the appropriate build and populates a  function table which is used by the code for OpenSSL functionality.

We would like to update the non-FIPS build to a later version (e.g. 1.0.1) which has support for TLS 1.1/1.2 (etc.) which could then co-exist with the increasingly insecure but certified FIPS build in this way.

Has anybody tried this?   Any gotchas come to mind?  E.g. does a canister need to be used for the non-FIPS?  Are there any major API changes between the two (besides APIs and/or parameter values which have been added or extended)?  Is this a crazy thing to do?

Thanks in advance for any relevant comments! ... N

More information about the openssl-users mailing list