A joint U.S. and Canadian organization that certifies encryption tools for use by federal 
government agencies has suspended its validation of OpenSSL cryptographic technology for the second time in less than six months.
The decision means that government agencies can’t purchase the open-source tool for the time being, although those that have already done so will still be allowed to use it. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer security protocols. It is widely used to encrypt and decrypt data on the Internet.
The decision to suspend validation of the tool came just two days after the group doing the validation, the Cryptographic Module Validation Program (CMVP) at the National Institute of Standards and Technology (NIST), had taken the harsher step of revoking the tool entirely. It backed away from that decision and opted for a suspension of the process instead. Security validation of OpenSSL encryption tool uncertain
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add on
- Firefox No Longer an Automatic Defense Against Browser Drive Bys
- Google patches Chrome file stealing bug
- Apple plays catch up, adds anti fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag