X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=docs%2Ffaq-5-misc.txt;h=006b32327412714494959b56791f4c1ffdbb8151;hb=22fe269070986cdb68933423044f4d126a154d0c;hp=284846261b5c48b9aed09f3650ac048759be567b;hpb=f8be505ebf987ff74075122e2914b1be8bb3fef5;p=openssl-web.git diff --git a/docs/faq-5-misc.txt b/docs/faq-5-misc.txt index 2848462..006b323 100644 --- a/docs/faq-5-misc.txt +++ b/docs/faq-5-misc.txt @@ -33,6 +33,13 @@ that came with the version of OpenSSL you are using. The pod format documentation is included in each OpenSSL distribution under the docs directory. +* I need a FIPS validated offering + +Please see +@@@https://www.openssl.org/docs/fips.html@@@; the OpenSSL project is no longer +involved in private label validations nor adding platforms to the existing +certificates. + * How can I contact the OpenSSL developers? The README file describes how to submit bug reports and patches to @@ -67,13 +74,6 @@ covering all the systems we support. Perl was the base language of choice because we already use it in diverse scripts, and it's one of the most widely spread scripting languages. -* What is an 'engine' version? - -With version 0.9.6 OpenSSL was extended to interface to external crypto -hardware. This was realized in a special release '0.9.6-engine'. With -version 0.9.7 the changes were merged into the main development line, -so that the special release is no longer necessary. - * How do I check the authenticity of the OpenSSL distribution? We provide PGP signatures and a variety of digests on each release. @@ -110,3 +110,13 @@ in the next minor release. It was decided after the release of OpenSSL 0.9.8y the next version should be 0.9.8za then 0.9.8zb and so on. + +* Do you have a bug bounty program? + +The project does not. Google runs a program +@@@https://www.google.com/about/appsecurity/patch-rewards/@@@; so does +HackerOne, @@@https://hackerone.com/ibb-openssl@@@. In general, if you +have found a security issue, send email to openssl-security@openssl.org. +Please note that we do not consider DNS configurations or Website +configuration to be security issues. +