Now that the OpenSSL Software Foundation (OSF) has announced that they have halted their “private label” program and have no future plans for continuing their own FIPS 140 validations, what are application developers supposed to do? OpenSSL is one of the most popular open source tools used by developers to provide TLS/SSL functions, as well as lower-level cryptographic functions, so this news is very concerning for a lot of companies.
Luckily, our timing to launch was excellent, as SafeLogic’s CryptoComply picks up where OSF left off. CryptoComply is a FIPS 140-2 validated cryptographic software module compatible with OpenSSL, replacing the low-level (libcrypto) libraries. By integrating CryptoComply into your OpenSSL implementation, you get a “drop-in” FIPS 140-2 compliant solution. Also, since OpenSSL is used in other security solutions such as OpenVPN, OpenSSH, and Apache Tomcat, you can easily make these communication functions FIPS compliant as well.
So yes, it’s unfortunate that the OSF has ended their “private label” validations, but don’t worry. Over the next few weeks, we will demonstrate in this blog how SafeLogic’s products can surpass your expectations of both cost and timeline.
If you just can’t wait for the next blog post, contact SafeLogic immediately and we’ll get you up to speed.