On 05/24/2016 07:56 AM, Philip Bellino wrote: > Hello, > > I am looking for the Changelog that explains the changes between > openssl-fips-2.0.9 and 2.0.12. > > > > The README.FIPS that comes with 2.0.12 points here: > https://www.openssl.org/docs/fips but I cannot find the changes. > > > > Any help would be most appreciated. Look at the Security Policy document, "Modification History": http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2398.pdf Since in general we aren't allowed to add new functionality or even to fix security vulnerabilities for validated modules, the only reason to use a newer module revision (2.0.12) instead of an older one (2.0.9) is that the older one lacks support for your specific platform(s) of interest; there is no advantage in updating already fielded modules like you would for OpenSSL proper or other more conventionally maintained software. -Steve M. -- Steve Marquess OpenSSL Validation Services, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
