FIPS 2.0: Heart Bleed


FIPS 2.0: Heart Bleed

Jason Todd-4
Just to verify, heart bleed doesn't look like it affects the fipscanister. I can just recompile openssl 1.0.1c with the no heart beat option and my current canister and still retain FIPS certification.

Re: FIPS 2.0: Heart Bleed

ag@gmail
Yes, you are correct.

-ag

--
sent via 100% recycled electrons from my mobile command center.

> On Apr 10, 2014, at 5:54 AM, Jason Todd <[hidden email]> wrote:
>
> Just to verify, heart bleed doesn't look like it affects the fipscanister. I can just recompile openssl 1.0.1c with the no heart beat option and my current canister and still retain FIPS certification.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: FIPS 2.0: Heart Bleed

Jason Todd-4
One other quick question. Is it possible to use the fipscanister from 1.0.1c with 1.0.1g and maintain compliance? Assuming that even compiles.


On Thu, Apr 10, 2014 at 9:32 AM, ag@gmail <[hidden email]> wrote:
Yes, you are correct.

-ag

--
sent via 100% recycled electrons from my mobile command center.

> On Apr 10, 2014, at 5:54 AM, Jason Todd <[hidden email]> wrote:
>
> Just to verify, heart bleed doesn't look like it affects the fipscanister. I can just recompile openssl 1.0.1c with the no heart beat option and my current canister and still retain FIPS certification.


Re: FIPS 2.0: Heart Bleed

Steve Marquess-3
On 04/10/2014 11:36 AM, Jason Todd wrote:
> One other quick question. Is it possible to use the fipscanister from
> 1.0.1c with 1.0.1g and maintain compliance? Assuming that even compiles

fipscanister is not "from" 1.0.1 anything; it is from the OpenSSL FIPS
Object Module 2.0, i.e. one of the openssl-fips-2.0.N.tar.gz
distributions. The FIPS module is unaffected by the heartbeat bug.

So yes, you can and should upgrade to a "FIPS capable" 1.0.1g.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
[hidden email]
[hidden email]
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc