Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That is actually understating it. The libressl developers purged the code base of the FIPS stuff as part of a policy. From here:

* https://marc.info/?l=openbsd-misc&m=139819485423701&w=2

"Note that FIPS mode isn't just worthless, it's actively harmful."



Unfortunately if you work with the US Government, there are situations where FIPS mode is required. This is why RHEL and CentOS still use OpenSSL...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: