“After a long and arduous journey that included a suspended validation last year, the Open Source Software Institute has announced that OpenSSL has regained its FIPS 140-2 validation and is now available for download. The validation process, which normally lasts a few months, took an astounding five years to complete, and those involved with the projects say they are already devising ways to avoid such long delays in future validations.”
..would be nice to have too!
> ..would be nice to have too!
“Read The Source, Luke…”
(sorry, couldn’t resist)
OpenSSL never had proper documentation. It’s amazing how it got to be so popular, and how it got certified… since I presume that requires proper documentation…
My experience obviously doesn’t match yours. I spend quite a bit of time in the openssl man pages and they’re pretty damn good. Not only is there a rather lengthy man page for openssl but each one of its functions has its own man page that’s extremely complete.
Some functions are totally undocumented, such as PKCS5_PBKDF2_HMAC_SHA1.
It is popular because it is the best SSL/crypto toolkit. However, most people using it have no idea how to use it properly (DH-parameters, CRL handling, etc. is important).
Edited 2007-02-09 23:44
If you don’t like openssl, there’s also
-gnutls http://www.gnu.org/software/gnutls/
and
-Mozilla NSS http://www.mozilla.org/projects/security/pki/nss/
So, openssl isn’t the only game in town, but it does have pretty nice licensing terms, excellent portability, and a mature codebase. I’ve found the documentation to not be too bad, and there are lots of tutorials out there, not to mention the source code is available for browsing.
Yup, the lack of a viral licence does help it immensely, and being a dependency of extremely popular programmes like OpenSSH doesn’t hurt its popularity either.
This article describes yet another great win for open source software. Regaining this validation despite the CMVP receiving all sorts of commercial FUD is just more assurance that open source software can stand beside its commercial counterparts.