[openssl-users] Clarification on FIPS Tested Configurations

Nicholas von Waltsleben nicholas.vonwaltsleben at voss-solutions.com
Fri Oct 9 12:13:00 UTC 2015


I am seeking clarification on what Section 2 (Tested Configurations) of the
OpenSSL FIPS 140-2 Security Policy means.  Are these:

a) specific configurations that are known to work
b) the only configurations permitted by the relevant NIST certifications?

I initially believed/assumed that as long as I could compile the OpenSSL
FIPS module, without any source changes and following the prescribed steps
exactly, I could use it on our platform.  However the more I look at the
Security Policy the less sure I am whether that is the case.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151009/1cef5a0e/attachment.html>

More information about the openssl-users mailing list