On 13/02/2019 12:26, Matt Caswell wrote:
> Please see my blog post for an OpenSSL 3.0 and FIPS Update:
>
> https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
>
> Matt

Given this announcement, a few questions arise:

- How will a FIPS provider in the main tarball ensure compliance with the strict code delivery and non-change requirements of the CMVP (what was previously satisfied by distributing physical copies of the FIPS canister source code, and sites compiling this in a highly controlled environment to produce a golden canister)?

- Will there be a reasonable transition period where users of the old FIPS-validated module can transition to the new module (meaning that both modules are validated and usable with a supported FIPS-capable OpenSSL library)?
  I imagine that applications relying on the existing FIPS canister will need some time to quality test their code with all the API changes from OpenSSL 1.0.x to OpenSSL 3.0.x. OS distributions will also need some time to roll out the resulting feature updates to end users.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded