OpenSSL *source* to get FIPS 140-2 Level 1 certification

Rich Salz rsalz at datapower.com
Fri Sep 5 16:05:07 EDT 2003


Anton Stiglic:
>>If I'm not mistaken, this would be the first free,
>>open-source, crypto library that has FIPS 140 module certification!  

It is the first *source code* certification.

Joshua Hill:

> The two open-source projects that I'm aware of that have FIPS 140 certs
> are The Crypto++ Library, (cert 343, issued today) and The Mozilla
> project's NSS, which was certified by SUN under FIPS 140-1, levels 1
> and 2.  (certs 247 and 248).

#343 is certifying a particular Windows DLL for which source is
available.  Similarly, 247 and 248 are particular instances of Windows 
and Solaris libraries.  In all three of those cases, you can take the 
source and run it on your o/s, but you need to go get re-certified.

The more I think about it, the more amazing this is. Anyone in the world 
can now build an SSL/TLS application and be FIPS 140-2L1 certified.
	/r$
-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


