RE: [Fed-Talk] Disabling sslv2 on ssh
RE: [Fed-Talk] Disabling sslv2 on ssh
- Subject: RE: [Fed-Talk] Disabling sslv2 on ssh
- From: "Losasso, Jonathan E IT3 CCG, N63" <email@hidden>
- Date: Wed, 25 Feb 2009 07:04:53 -0800
- Thread-topic: [Fed-Talk] Disabling sslv2 on ssh
Word I got was FIPS only applies to non-military agencies and contractors.
Thus netwarcom's bypass
-Jonathan
-----Original Message-----
From: Miller, Timothy J. [mailto:email@hidden]
Sent: Tuesday, February 24, 2009 14:59
To: Losasso, Jonathan E IT3 CCG, N63; email@hidden
Subject: Re: [Fed-Talk] Disabling sslv2 on ssh
Not surprised, but you should hit them back on that. FIPS compliance is
Federal law.
-- Tim
On 2/24/09 4:55 PM, "Losasso, Jonathan E IT3 CCG, N63"
<email@hidden> wrote:
> In order to be compliant with netwarcom, openssl needs to be the
> newest version (0.9.8j), funny huh.
>
> -----Original Message-----
> From: Miller, Timothy J. [mailto:email@hidden]
> Sent: Tuesday, February 24, 2009 14:25
> To: Losasso, Jonathan E IT3 CCG, N63; email@hidden
> Subject: Re: [Fed-Talk] Disabling sslv2 on ssh
>
> On 2/23/09 4:30 PM, "Losasso, Jonathan E IT3 CCG, N63"
> <email@hidden> wrote:
>
>> Tim - We are running the latest version of openssl 0.9.8j, had to
>> compile on my own as apple is sometimes slow to release updates, so
>> not exactly the version that ships with leopard.
>
> Which is still not FIPS compliant. The OpenSSL FIPS Object Module
> will only work with OpenSSL 0.9.7. See:
>
> http://www.oss-institute.org/fips-faq.html
>
> http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf
>
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp733.pd
> f
>
> On how to get FIPS compliant with OpenSSL.
>
> This is a DIACAP requirement, so you're going to run into it sooner or
> later.
>
> -- Tim
>
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden