Add FIPS FAQ, update FIPS status.

[openssl-web.git] / docs / fips.html

diff --git a/docs/fips.html b/docs/fips.html
index 5c9b3ec917c5f38dfe43eceee7c76fa33d1c0306..7bbce9c7d7aac2f8c66efdf8819d1a96e2000bcb 100644 (file)
--- a/docs/fips.html
+++ b/docs/fips.html
@@ -10,7 +10,7 @@
          <header><h2>FIPS-140</h2></header>
          <div class="entry-content">
 
-           <p>The most recent open source based validation of a cryptographic
+           <p>The current validation of a cryptographic
            module (Module) compatible with the OpenSSL 1.0.2
            is v2.0.16, FIPS 140-2 certificate <a
            href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747">#1747</a>.
@@ -27,6 +27,19 @@
            (revision 2.0.16).
            </p>
 
+            <p>
+            Neither validation will work with any release other than 1.0.2.
+            The OpenSSL project is no longer maintaining either the 1747
+            or the 2398 module. This includes adding platforms to those
+            validations.
+            We are starting work on a new validation, after the 1.1.1
+            release completes.
+            That module will have a small set of validated operational
+            environments.
+            The OpenSSL project is no longer involved in private label
+            validations nor adding platforms to the existing certificates.
+            </p>
+
             <p>
            Here is the complete set of files. Note that if you are interested
             in the "1747" validation, you only need the three files mentioned
@@ -68,12 +81,6 @@
              source based validated module directly.  You must obtain your
              own validation.</li>
 
-              <li>None of the validations will work with OpenSSL 1.1.0 or
-              later.</li>
-
-              <li>We are starting work on a new validation based on the
-              upcoming 1.1.1 release.</li>
-
            </ul>
 
          </div>