On 6/16/20 8:00 AM, Philip Guenther wrote: > Simply _using_ that library is not nearly enough to pass any sort of > compliance check.
Philip, you're absolutely right. Everybody seriously interested in that should dig in the mailing list archive of the openss-users list and OpenSSL blog for postings about FIPS compliance. Be prepared for tons of unrealistic requirements. Steve Marquess' e-mails about FIPS sent to openssl-users usually begin with: "As always, if you don't care about FIPS 140 then count yourself lucky and move on." Ciao, Michael.
