On Fri, Feb 11, 2011 at 12:25 PM, Stephen Frost <sfrost@snowman.net> wrote:
> * Charles.McDevitt@emc.com (Charles.McDevitt@emc.com) wrote:
>> Don't forget that OpenSSL has a FIPS-140 compliant version, and FIPS-140 compliance is essential to many Federal
users.
>
> Essential? That's a bit much. Yes, it shows up on a FISMA review as an
> open action item, but it's a risk that can both be accepted and
> mitigated. I also thought FIPS-140 version required API changes..
>
>> GnuTLS doesn't qualify.
>
> That should be "doesn't currently"..
Not being a SSL aficionado by any means, but what about NSS? That's
pretty mature, and could be another viable option.
--
fdr