To clarify an important distinction - SafeLogic Extended Support for 1.0.2 architecture will not keep the OpenSSL FOM validated past 9/1/2020. SafeLogic does offer a compatible drop-in replacement module that is validated, will remain validated past the 186-2 deprecation on 9/1/2020, and is available with RapidCert, an accelerated validation in your company’s name, but that is a separate offering. - Walt Walter Paley Walt@xxxxxxxxxxxxx > On Feb 27, 2020, at 12:59 PM, openssl-users-request@xxxxxxxxxxx wrote: > > Send openssl-users mailing list submissions to > openssl-users@xxxxxxxxxxx > > To subscribe or unsubscribe via the World Wide Web, visit > https://mta.openssl.org/mailman/listinfo/openssl-users > or, via email, send a message with subject or body 'help' to > openssl-users-request@xxxxxxxxxxx > > You can reach the person managing the list at > openssl-users-owner@xxxxxxxxxxx > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of openssl-users digest..." > > > Today's Topics: > > 1. Re: OpenSSL 3.0 (Salz, Rich) > 2. Re: OpenSSL 3.0 (Neptune) > 3. Re: OpenSSL 3.0 (Salz, Rich) > 4. Re: OpenSSL 3.0 (Jason Schultz) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 27 Feb 2020 20:49:33 +0000 > From: "Salz, Rich" <rsalz@xxxxxxxxxx> > To: Jason Schultz <jetson23@xxxxxxxxxxx>, "openssl-users@xxxxxxxxxxx" > <openssl-users@xxxxxxxxxxx> > Subject: Re: OpenSSL 3.0 > Message-ID: <1E825139-40C4-4888-AB96-32FC423F0B9C@xxxxxxxxxx> > Content-Type: text/plain; charset="utf-8" > > * The OpenSSL FIPS Object Module will be moved to the CMVP historical list as of 9/1/2020. Since there is no OpenSSL 3.0 until Q4 2020, and a FIPS Module will be after that sometime, where does this leave 1.0.2 users who need a FIPS validated object module past that date? > > Without their free lunch? > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200227/6e69ca80/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Thu, 27 Feb 2020 13:56:10 -0700 (MST) > From: Neptune <pdrotter@xxxxxxxxxx> > To: openssl-users@xxxxxxxxxxx > Subject: Re: OpenSSL 3.0 > Message-ID: <1582836970178-0.post@xxxxxxxxxxxxx> > Content-Type: text/plain; charset=us-ascii > > You essentially have three choices: > 1. Stay on the 1.0.2 branch to continue FIPS compliance, but go the entire > year without support or security patches. > 2. Pay OpenSSL for a premium support contract ($50,000 per year) to continue > to receive patches on 1.0.2 for the remainder of the year. > 3. Pay SafeLogic for support contract to receive 1.0.2 security patches > through the year. Cost is roughly half what OpenSSL is asking, but you may > be able to negotiate. > > These are the only options of which I am aware. > > > > > -- > Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html > > > ------------------------------ > > Message: 3 > Date: Thu, 27 Feb 2020 20:58:10 +0000 > From: "Salz, Rich" <rsalz@xxxxxxxxxx> > To: Jason Schultz <jetson23@xxxxxxxxxxx>, "openssl-users@xxxxxxxxxxx" > <openssl-users@xxxxxxxxxxx> > Subject: Re: OpenSSL 3.0 > Message-ID: <3CFEF9FC-D5E7-46D4-8D61-C485BF81E120@xxxxxxxxxx> > Content-Type: text/plain; charset="utf-8" > > * That's fair. So the only option is to use another module? Extended 1.0.2 support does not resolve this either, correct? > > I do not think that is the only option. For example, you might be able to use 3.0 and say it?s ?in evaluation.? There might be other options, that was all I could think of while composing this email. > > HOWEVER, note that the set of validated platforms for 3.0 is very different from the current FOM. Someone officially with the project will have to provide details on that, not me. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200227/985830ee/attachment-0001.html> > > ------------------------------ > > Message: 4 > Date: Thu, 27 Feb 2020 20:58:36 +0000 > From: Jason Schultz <jetson23@xxxxxxxxxxx> > To: "openssl-users@xxxxxxxxxxx" <openssl-users@xxxxxxxxxxx> > Subject: Re: OpenSSL 3.0 > Message-ID: > <CH2PR10MB42144FE2FCDE9AC37E050DDDC7EB0@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> > > Content-Type: text/plain; charset="iso-8859-1" > > For option 2, we have a support contract in place. But does this actually help us as far as the FIPS Object Module? > > > ________________________________ > From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> on behalf of Neptune <pdrotter@xxxxxxxxxx> > Sent: Thursday, February 27, 2020 8:56 PM > To: openssl-users@xxxxxxxxxxx <openssl-users@xxxxxxxxxxx> > Subject: Re: OpenSSL 3.0 > > You essentially have three choices: > 1. Stay on the 1.0.2 branch to continue FIPS compliance, but go the entire > year without support or security patches. > 2. Pay OpenSSL for a premium support contract ($50,000 per year) to continue > to receive patches on 1.0.2 for the remainder of the year. > 3. Pay SafeLogic for support contract to receive 1.0.2 security patches > through the year. Cost is roughly half what OpenSSL is asking, but you may > be able to negotiate. > > These are the only options of which I am aware. > > > > > -- > Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200227/ea0d384b/attachment.html> > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > openssl-users mailing list > openssl-users@xxxxxxxxxxx > https://mta.openssl.org/mailman/listinfo/openssl-users > > > ------------------------------ > > End of openssl-users Digest, Vol 63, Issue 44 > *********************************************
