by er4hn 1191 days ago
> A FIPS 140-3 compliant FIPS Provider

This is actually a pretty big deal. FIPS 140 certifications are required for a lot of US Federal sales. The FIPS 140 standard changed sometime in the past year from major version 2 to major version 3 and lots of changes are required to certify against the v3 standard, even if you had a v2 certification. What's not obvious is that a lot of FIPS 140 certified software libraries are whitelabeled openssl. Because of the openssl team's hard work in getting this released, it really lowers the barrier to entry for companies trying to sell software to the US Federal government.

I wish the certifications were not as onerous as they were, but this is a big step forward for teams that are not staffed to read and implement several hundred pages of ISO standards for how to correctly implement crypto algorithms. Don't even get me started on how the standards you certify against are themselves copyrighted...