[Openvas-devel] Start: replacing OpenSSL by GNU/TLS

Norm Donovan Norm.Donovan at Sentrik.com
Tue Mar 20 23:25:26 CET 2007


What is the practical impact of OpenSSL being FIPS approved?  Is GNU/TLS
not FIPS approved?  How does one get FIPS approval?  Since Tenable must
have removed OpenSSL from Nessus3, is Nessus3 not FIPS approved?

In any case, it sounds like the easiest decision is to try to replace OpenSSL
with GNU/TLS so we can move the project on.

Norm


-----Original Message-----
From: openvas-devel-bounces at wald.intevation.org
[mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Randal
T. Rioux
Sent: Friday, March 16, 2007 7:55 AM
To: Jan-Oliver Wagner
Cc: openvas-devel at wald.intevation.org
Subject: Re: [Openvas-devel] Start: replacing OpenSSL by GNU/TLS

Jan-Oliver Wagner wrote:
> The major and most important task, IMHO, is to replace OpenSSL by
> GNU/TLS. There is no OpenSSL exception for the server
> part. It is therefore illegal to distribute binary packages.

I must have missed something here, but what would prevent the inclusion
of OpenSSL libraries? I'm all for using GNU/TLS, but OpenSSL is FIPS
approved (USA fed standard) and that is a great plus for government
acceptance (my arena).

> Does it make sense at all to allow compilation without SSL?
> IMHO, SSL should be mandatory, but I'd be happy to stand corrected.

No - I don't think so. All that data has some pretty valuable
information in transit. SSL is a must in my opinion.

Randy
