December 24, 2003

OpenSSL gains FIPS 140-2 Certification!

Way to go guys! GCN reports that NIST has approved the OpenSSL library of encryption algorithms for use on sensitive government networks.

The cryptographic module of OpenSSL has passed Federal Information Processing Standard 140-2 Level 1 tests. (FIPS 140-2).

This is great news. And its great to see open-source software get a thumbs up on the security end of things. If you don't understand why having FIPS is good, understand that it is an extensive external validation of the crypto used in the software. Check out the FIPS Standards to learn more about the validation process. If you want to understand the implications for OpenSSL, read the OSSI FIPS FAQ.

Posted by SilverStr at December 24, 2003 10:04 AM | TrackBack