For option 2, we have a support contract in place. But does this actually help us as far as the FIPS Object Module?
From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> on behalf of Neptune <pdrotter@xxxxxxxxxx>
Sent: Thursday, February 27, 2020 8:56 PM To: openssl-users@xxxxxxxxxxx <openssl-users@xxxxxxxxxxx> Subject: Re: OpenSSL 3.0 You essentially have three choices:
1. Stay on the 1.0.2 branch to continue FIPS compliance, but go the entire year without support or security patches. 2. Pay OpenSSL for a premium support contract ($50,000 per year) to continue to receive patches on 1.0.2 for the remainder of the year. 3. Pay SafeLogic for support contract to receive 1.0.2 security patches through the year. Cost is roughly half what OpenSSL is asking, but you may be able to negotiate. These are the only options of which I am aware. -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html |