httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: Apache2 FIPS Certified?
Date Fri, 12 Aug 2005 19:26:44 GMT
At 08:12 AM 8/12/2005, Jess Holle wrote:
>Thanks for the information, Bill.
>As best I could tell it looks like the OpenSSL folk have not gotten around to bringing
the fips mode forward into 0.9.8 yet either...

That's not as likely to happen on any particular schedule, and
would be a pointless exercise until the implementation under
test passes muster.  Who knows, certain parts may be sent back
to the OpenSSL project for complete rework.  Why port what may
be a moving target?

You have to understand that FIPS testing is an expensive, time
consuming, cyclic process.  The crypto code was *FROZEN* at a
specific point in time.  There is a certain threshold for 
allowable fixes before the module must be re-certified, but
you won't be seeing many rapid releases of crypto code changes,
as is the general course for OpenSSL project development.

is the current news, such as it is.


View raw message