[redhat-lspp] Related Question: FIPS 140-x compliance
Steve Grubb
sgrubb at redhat.com
Tue Jun 27 18:34:20 UTC 2006
On Tuesday 27 June 2006 14:28, Stephen John Smoogen wrote:
> I was wondering how the systems will implement encryption algorithms
> for FIPS-140-1 compliance.
FIPS 140 and LSPP have nothing in common. LSPP does not require it.
> Will they be shipping with openssl-fips-1.0.tar.gz and having that as the
> library set compiled against.. or will there be a seperate binary/library
> channel for these?
I explained this on fedora-devel list a while back. openssl-fips-1.0.tar.gz
cannot be shipped by us for several reasons. First, it contains patented
algorithms which Red Hat objects to. This is documented in the README file
inside the same tarball. Also, the FIPS 140 work was done on 0.9.7 and we are
way past that somewhere in 0.9.8 series. The cert on 0.9.7 does not carry
over to 0.9.8. A new cert must be done.
-Steve
More information about the redhat-lspp
mailing list