Related: http://marc.info/?l=openssl-announce&m=138747119822324&w=2 -- in short, flaws found in Dual EC DRBG in the FIPS-validated code demonstrates that the code is under-used and fixing even fairly obvious flaws isn't allowed.
I'm not keen on turning on OpenSSL's FIPS modes in our releases. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/95001 Title: Please provide FIPS compliant version To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/95001/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
