[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Antw: use openssl or moznss for more than TLS?
On Fri, Oct 25, 2013 at 7:59 PM, Michael Ströder <michael@stroeder.com> wrote:
> Steve Eckmann wrote:
>> We are using {SSHA} (SHA-1) in OpenLDAP now. The customer wants SHA-512.
>> And they require a FIPS-validated implementation, which I think narrows our
>> options to using either OpenSSL or NSS in FIPS mode. I cannot see a better
>> way to meet the customer's two requirements than gutting pw-sha2 and using
>> that as a thin wrapper for the raw crypto functions in either openssl or
>> nss.
>
> You probably should first ask on the openssl-users mailing list under which
> conditions you get some "FIPS-validated" code regarding the whole OpenLDAP
> "application". Likely it's not feasible.
>
> I'm pretty sure that your customer FIPS requirement is plain nonsense and you
> might work around this by some other strange policy text. ;-}
I am not sure "nonsense" if some distro are doing something in this
area. Right or,
perhaps, sometime wrong (o perhaps sometime break).
http://fedoraproject.org/wiki/FedoraCryptoConsolidation
Best regards
>
> Ciao, Michael.
>