OpenSSL loses FIPS 140-2 Certification

OhHellWithIt writes "Government Computer News reported on Tuesday that OpenSSL has lost FIPS 140-2 certification, only six months after receiving it. It sounds like bad news for those of us who would like to see open source gain more of a foothold in U.S. federal workplaces." Readers have updated this story with an update saying the certification has shifted again.

I'm guessing

[PunkOfLinux]

I'm guessing that this certification is necessary if you want your product to be used in the federal government, right???

Related Links

[john_sheu]

"receiving it" in the Related Links sidebar? That's just asking for it...

Weasel words

[sharkey]

On July 14 the CMVP Web site listed the OpenSSL certificate 642 as revoked. On Monday it was listed as not available. A statement from CMVP supervisor Randy Easter indicated there is no distinction between the two terms.

Then what honest reason is there for HAVING different terms?

That's because

[caluml]

That's because they've found the back door I embedded in it while no-one was looking last Christmas. Wait, someone's at the door.

Re:Reasons Not Given?

Dear Smooth Wombat,
You had heroin in your system and traces of anally absorbed KY Jelly.

Regards,
Three Letter Agency

Re:Reasons Not Given?

[ChrisDolan]

TLA Psych Report for: [Smooth Wombat]
Recommendation: REJECT
Reason:
  Psych models predict subject shows high likelihood
  of revealing operational procedures to Slashdot