Steve, thank you for alerting us. Do I understand correctly that by "platform", not a general OS (like "Linux", "Solaris") on a specific hardware (sparc, x86, ...) is meant, but a very specific distribution release, like "Ubuntu 14.04", or "CentOS 7.0", on e.g. x86? This would mean that there would be no fips compliant openssl build possible on e.g. a future "CentOS 8.1"? We are currently using the fips module on Solaris 10, and have plans to use it on Linux, probably RHEL 7.X, but depending on the time in the future, that could well be RHEL 8.X. Isaac -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Steve Marquess Sent: Mittwoch, 25. Februar 2015 15:08 To: openssl-users at openssl.org Subject: End of the line for the OpenSSL FIPS Object Module? As always, if you don't know or care what FIPS 140-2 is count yourself very, very lucky and move on. The open source based OpenSSL FIPS module validations now date back over a decade, a period during which we've encountered many challenges. We have recently hit an issue that is apparently inconsequential on its face, but which threatens to bring an end to the era of the open source validated module. This is a situation that reminds me of the old "for want of a nail..." ditty (https://en.wikipedia.org/wiki/For_Want_of_a_Nail). Tedious details can be found here: http://openssl.com/fips/hostage.html The short take is that for now at least the OpenSSL FIPS Object Module v2.0, certificate #1747, can no longer be updated to include new platforms. This development also wrecks the already marginal economics of tentative plans for a new open source based validation to succeed the current #1747. So, the #1747 validation may be the last of the collaborative open source FIPS modules. If you are a stakeholder currently using the OpenSSL FIPS module, or with a desire to use it or successor modules (either directly or as the basis for a "private label" validation), this is the time to speak up. Feel free to contact me directly for specific suggestions or to coordinate with other stakeholders. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at opensslfoundation.com marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users