Reply to post: Re: Could we fucking kill it already?

Awoogah – brown alert: OpenSSL preps 'high severity' security fixes


Re: Could we fucking kill it already?

"lack of FIPS 140 validation"

The NIST website shows that the vast majority of OpenSSL installations in the wild are not validated either, the validation applies to a very small set of hardware + software configurations. Judging by the short list of valid configurations it looks like vendors paid NIST to validate specific configurations - is there something stopping Vendors from submitting LibreSSL for validation ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019