FIPS 140-2 hostage rescue underway

As always, if you don't know or care what FIPS 140-2 is then count
yourself lucky and move on (in this case, count yourself *very* lucky).

We have -- we think -- a workaround for the "hostage" issue that was
blocking the addition of new platforms to the OpenSSL FIPS module
validation via "change letter" updates. That issue impacted several
platform updates that were already in process (the "hostages").

The workaround is messy, ugly, and complex in the finest tradition of
bureaucratic molehill-to-mountain obfuscation. An attempt to describe it
can be found here:

  http://openssl.com/fips/ransom.html

The TL;DR is that the current #1747 validation becomes three validations
that share the same OpenSSL FIPS module (more or less). So, actual use
and deployment of the FIPS module will be the same as before and all
previously tested platforms remain available (that's the big win).
Compliance paperwork will require some careful attention to the multiple
validations which will overlap the same module (the downside). Confusion
is inevitable, feel free to post questions to this list.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

