Will my application be FIPS 140-2 Certified under following conditions?

Salz, Rich rsalz at akamai.com
Thu Jul 4 14:44:01 UTC 2019


>    Is the use of OpenSSL an actual legal requirement of the certification of
    the FIPS object module, or just the easiest way to use it?
  
I'm not sure who you are asking this.

The exiting FIPS validations for OpenSSL only cover the 1.0.2 based source code.
  
>    Difference would be particularly significant in case someone created code
    to use the validated FOM 2.0 module with the OpenSSL 1.1.x feature
    enhancements (as the project itself has indicated no desire to do so).
  
They would have to get their own validation, their own lab to verify, etc., etc.




More information about the openssl-users mailing list