Thanks for all the comments, they're much appreciated. It is a Debian system, so there is no Red Hat FIPS validation (or SuSE which also has one I think) or validated components that can be used. If I may, I'd like to ask about including the Linux kernel in the validation. Now, including glibc2 was a pretty bad idea, it cannot get better with the kernel. In this case, IPSec (libreswan) is using the kernel's crypto functions. So it seems there would be no way out of this one. Any insight on this matter ? - thanks. Regards. -- View this message in context: http://openssl.6102.n7.nabble.com/openssl-users-FIPS-mode-restrictions-and-DES-tp57497p57533.html Sent from the OpenSSL - User mailing list archive at Nabble.com.
