OpenSSL FIPs question

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenSSL FIPs question

OpenSSLGRT

I am using Portable OpenSSL 0.9.8a for Windows CE 4.20e (http://karajan.it.uc3m.es/~pervasive/wce_lite_compat/) to force my PocketPC 2003 application to post data to our server using TLS and cipher suite 3DES, SHA1, RSA. Works great! The reason for this is to prepare for FIPs 140-2 (forcing TLS, etc required). Is the Portable OpenSSL 0.9.8a part of the idea of Open SSL being FIPs validated (so that is am I using the correct libs here)?

 

Thank you!

 

Reply | Threaded
Open this post in threaded view
|

RE: OpenSSL FIPs question

OpenSSLGRT

Hi --

 

The problem I have is that the PocketPC port I use (see below) is OpenSSL 0.9.8a

(so from what you said below only 0.9.7j and 0.9.7 versions above j are FIPs validated).

But … I know people have been using OpenSSL for getting their apps FIPs validated for longer than before 0.9.7 version so I wonder how that works – how did people use OpenSSL before OpenSSL was FIPs validated to get their apps validated?

Thanks for any info!

 

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of OpenSSLGRT
Sent:
Saturday, February 04, 2006 4:13 PM
To: [hidden email]
Subject: OpenSSL FIPs question

 

I am using Portable OpenSSL 0.9.8a for Windows CE 4.20e (http://karajan.it.uc3m.es/~pervasive/wce_lite_compat/) to force my PocketPC 2003 application to post data to our server using TLS and cipher suite 3DES, SHA1, RSA. Works great! The reason for this is to prepare for FIPs 140-2 (forcing TLS, etc required). Is the Portable OpenSSL 0.9.8a part of the idea of Open SSL being FIPs validated (so that is am I using the correct libs here)?

 

Thank you!

 

Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL FIPs question

Kyle Hamilton
Applications can be validated independently of any cryptographic
module.  In that case, the entire application becomes the
cryptographic module, as opposed to merely the library used.

Read the FIPS certification process documentation for more information.

-Kyle H

On 2/4/06, OpenSSLGRT <[hidden email]> wrote:

>
>
>
> Hi --
>
>
>
> The problem I have is that the PocketPC port I use (see below) is OpenSSL
> 0.9.8a
>
> (so from what you said below only 0.9.7j and 0.9.7 versions above j are FIPs
> validated).
>
> But … I know people have been using OpenSSL for getting their apps FIPs
> validated for longer than before 0.9.7 version so I wonder how that works –
> how did people use OpenSSL before OpenSSL was FIPs validated to get their
> apps validated?
>
> Thanks for any info!
>
>
>
>
> -----Original Message-----
>  From: [hidden email]
> [mailto:[hidden email]] On Behalf Of OpenSSLGRT
>  Sent: Saturday, February 04, 2006 4:13 PM
>  To: [hidden email]
>  Subject: OpenSSL FIPs question
>
>
>
> I am using Portable OpenSSL 0.9.8a for Windows CE 4.20e
> (http://karajan.it.uc3m.es/~pervasive/wce_lite_compat/) to
> force my PocketPC 2003 application to post data to our server using TLS and
> cipher suite 3DES, SHA1, RSA. Works great! The reason for this is to prepare
> for FIPs 140-2 (forcing TLS, etc required). Is the Portable OpenSSL 0.9.8a
> part of the idea of Open SSL being FIPs validated (so that is am I using the
> correct libs here)?
>
>
>
> Thank you!
>
>
:—§I"Ï®ˆÞrØm¶Ÿÿà (¥éì²Z+�K­+©¦Ší1¨¥Šx ŠËh¥éì²[¬z»(¥éì²Z+€ ­¢f­yÒâ²Ó�¨®f£¢·hšŠ)z{,–Šà