[openssl-users] FIPS JCE cryptographic modules usage with Openssl-1.0.1j and openssl-fips-2.0.7

Tom Francis thomas.francis.jr at pobox.com
Wed Jan 21 21:10:37 UTC 2015


> On Jan 21, 2015, at 8:09 AM, Philip Bellino <pbellino at mrv.com> wrote:
> 
> Hello,
> 
> I apologize if this is not the correct forum for my questions, so here goes.
> 
> 1. Are the RSA JSafeJCE and the IBM IBMJESFIPS cryptographic modules being used widely against Openssl in FIPS mode?

In what way do you mean “against”?  As in two (or more) programs communicating with one another, at least one of which uses OpenSSL and at least one of which uses one of the others?  Or as in those modules being used in preference to OpenSSL?  If the former, I’m not aware of anything in particular.  However, it should be noted that the FIPS validations would mean the actual algorithms are compatible, so there’s no reason they couldn’t be used in such ways, assuming appropriate care is taken to use equivalent parameters, keys, etc.  If the latter, I’m not sure if there’s any way to measure that, and any measurement is probably meaningless, taken in total — it’d be more meaningful to make such determinations with respect to a particular type of application or a more specific customer space (although the latter is already pretty specific, since requiring FIPS 140 isn’t exactly a general customer thing).

> 2. If so, have these modules kept pace with the latest Openssl FIPS implementation?

I don’t quite follow.  Those products are entirely separate from OpenSSL (and each other), and none of them affect any of the others.  Indeed, because of the way validation testing is performed and interpreted, one implementation may have more onerous changes enforced than another.  If you’re wondering about new interpretations that have caused changes in OpenSSL, and if those interpretations have also affected those implementations, you’d need to ask RSA and IBM.  I doubt they’ll tell you anything other than the appropriate certificate numbers for their products, and let you look up the dates they were awarded, though.  :)

TOM


> Thank you.
>
> Phil Bellino
> Principal Software Engineer | MRV Communications Inc.