To clarify an important distinction - SafeLogic Extended Support for 1.0.2 architecture will not keep the OpenSSL FOM validated past 9/1/2020. SafeLogic does offer a compatible drop-in replacement module that is validated, will remain validated past the 186-2 deprecation on 9/1/2020, and is available with RapidCert, an accelerated validation in your company’s name, but that is a separate offering.
- Walt Walter Paley [email protected] > On Feb 27, 2020, at 12:59 PM, [email protected] wrote: > > Send openssl-users mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://mta.openssl.org/mailman/listinfo/openssl-users > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of openssl-users digest..." > > > Today's Topics: > > 1. Re: OpenSSL 3.0 (Salz, Rich) > 2. Re: OpenSSL 3.0 (Neptune) > 3. Re: OpenSSL 3.0 (Salz, Rich) > 4. Re: OpenSSL 3.0 (Jason Schultz) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 27 Feb 2020 20:49:33 +0000 > From: "Salz, Rich" <[email protected]> > To: Jason Schultz <[email protected]>, "[email protected]" > <[email protected]> > Subject: Re: OpenSSL 3.0 > Message-ID: <[email protected]> > Content-Type: text/plain; charset="utf-8" > > * The OpenSSL FIPS Object Module will be moved to the CMVP historical list > as of 9/1/2020. Since there is no OpenSSL 3.0 until Q4 2020, and a FIPS > Module will be after that sometime, where does this leave 1.0.2 users who > need a FIPS validated object module past that date? > > Without their free lunch? > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mta.openssl.org/pipermail/openssl-users/attachments/20200227/6e69ca80/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Thu, 27 Feb 2020 13:56:10 -0700 (MST) > From: Neptune <[email protected]> > To: [email protected] > Subject: Re: OpenSSL 3.0 > Message-ID: <[email protected]> > Content-Type: text/plain; charset=us-ascii > > You essentially have three choices: > 1. Stay on the 1.0.2 branch to continue FIPS compliance, but go the entire > year without support or security patches. > 2. Pay OpenSSL for a premium support contract ($50,000 per year) to continue > to receive patches on 1.0.2 for the remainder of the year. > 3. Pay SafeLogic for support contract to receive 1.0.2 security patches > through the year. Cost is roughly half what OpenSSL is asking, but you may > be able to negotiate. > > These are the only options of which I am aware. > > > > > -- > Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html > > > ------------------------------ > > Message: 3 > Date: Thu, 27 Feb 2020 20:58:10 +0000 > From: "Salz, Rich" <[email protected]> > To: Jason Schultz <[email protected]>, "[email protected]" > <[email protected]> > Subject: Re: OpenSSL 3.0 > Message-ID: <[email protected]> > Content-Type: text/plain; charset="utf-8" > > * That's fair. So the only option is to use another module? Extended 1.0.2 > support does not resolve this either, correct? > > I do not think that is the only option. For example, you might be able to > use 3.0 and say it?s ?in evaluation.? There might be other options, that was > all I could think of while composing this email. > > HOWEVER, note that the set of validated platforms for 3.0 is very different > from the current FOM. Someone officially with the project will have to > provide details on that, not me. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mta.openssl.org/pipermail/openssl-users/attachments/20200227/985830ee/attachment-0001.html> > > ------------------------------ > > Message: 4 > Date: Thu, 27 Feb 2020 20:58:36 +0000 > From: Jason Schultz <[email protected]> > To: "[email protected]" <[email protected]> > Subject: Re: OpenSSL 3.0 > Message-ID: > > <ch2pr10mb42144fe2fcde9ac37e050dddc7...@ch2pr10mb4214.namprd10.prod.outlook.com> > > Content-Type: text/plain; charset="iso-8859-1" > > For option 2, we have a support contract in place. But does this actually > help us as far as the FIPS Object Module? > > > ________________________________ > From: openssl-users <[email protected]> on behalf of Neptune > <[email protected]> > Sent: Thursday, February 27, 2020 8:56 PM > To: [email protected] <[email protected]> > Subject: Re: OpenSSL 3.0 > > You essentially have three choices: > 1. Stay on the 1.0.2 branch to continue FIPS compliance, but go the entire > year without support or security patches. > 2. Pay OpenSSL for a premium support contract ($50,000 per year) to continue > to receive patches on 1.0.2 for the remainder of the year. > 3. Pay SafeLogic for support contract to receive 1.0.2 security patches > through the year. Cost is roughly half what OpenSSL is asking, but you may > be able to negotiate. > > These are the only options of which I am aware. > > > > > -- > Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mta.openssl.org/pipermail/openssl-users/attachments/20200227/ea0d384b/attachment.html> > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > openssl-users mailing list > [email protected] > https://mta.openssl.org/mailman/listinfo/openssl-users > > > ------------------------------ > > End of openssl-users Digest, Vol 63, Issue 44 > *********************************************
