This was (is) the first case of open source software being validated, as opposed to a specific product.
It is important to note that FIPS 140-2 validation simply, proves that the cryptographic algorithms (the math) has been implemented correctly, it does not necessarily mean that the system actually works as advertised.
Also, if you are a government type or contractor, make sure the vendor supplied product actually uses the version that received accreditation. Many times, that was an older version, but the marketing types keep (falsely) stating that the product is FIPS certified!!!
Slashdot Mirror
OpenSSL is FIPS 140-2 validated:
t m
http://csrc.nist.gov/cryptval/140-1/1401val2006.h
Look for # 642
This was (is) the first case of open source software being validated, as opposed to a specific product.
It is important to note that FIPS 140-2 validation simply, proves that the cryptographic algorithms (the math) has been implemented correctly, it does not necessarily mean that the system actually works as advertised.
Also, if you are a government type or contractor, make sure the vendor supplied product actually uses the version that received accreditation. Many times, that was an older version, but the marketing types keep (falsely) stating that the product is FIPS certified!!!