We saw this posting yesterday on OSSI’s site. And here is one other article on the subject.

Customers of Apex Assurance Group have waiting for this day for many months (hence the reason we also filed this in “Common Questions”), and this is terrific news for them and for the open source movement as well. As the OSSI site says:

… the validation does not immediately solve all FIPS 140-2 compliance issues

This is a true statement. While it certainly will help facilitate the process, product vendors pursuing validation won’t be able to claim that their product is validated only because it uses the validated version (v0.9.7j) of OpenSSL. For more information, end users and vendors will want to refer to section G.5 Maintaining validation compliance of software or firmware cryptographic modules of Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program. Going forward, we’ll provide guidance on this blog as well.

Congrats to the team for making this happen.