From 22fe269070986cdb68933423044f4d126a154d0c Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@akamai.com>
Date: Tue, 14 Aug 2018 07:59:18 -0400
Subject: [PATCH] Add FIPS FAQ, update FIPS status.

---
 docs/faq-5-misc.txt |  7 +++++++
 docs/fips.html      | 21 ++++++++++++++-------
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/docs/faq-5-misc.txt b/docs/faq-5-misc.txt
index f2810e5..006b323 100644
--- a/docs/faq-5-misc.txt
+++ b/docs/faq-5-misc.txt
@@ -33,6 +33,13 @@ that came with the version of OpenSSL you are using. The pod format
 documentation is included in each OpenSSL distribution under the docs
 directory.
 
+* I need a FIPS validated offering
+
+Please see
+@@@https://www.openssl.org/docs/fips.html@@@; the OpenSSL project is no longer
+involved in private label validations nor adding platforms to the existing
+certificates.
+
 * How can I contact the OpenSSL developers?
 
 The README file describes how to submit bug reports and patches to
diff --git a/docs/fips.html b/docs/fips.html
index 5c9b3ec..7bbce9c 100644
--- a/docs/fips.html
+++ b/docs/fips.html
@@ -10,7 +10,7 @@
 	  <header><h2>FIPS-140</h2></header>
 	  <div class="entry-content">
 
-	    <p>The most recent open source based validation of a cryptographic
+	    <p>The current validation of a cryptographic
 	    module (Module) compatible with the OpenSSL 1.0.2
 	    is v2.0.16, FIPS 140-2 certificate <a
 	    href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747">#1747</a>.
@@ -27,6 +27,19 @@
 	    (revision 2.0.16).
 	    </p>
 
+            <p>
+            Neither validation will work with any release other than 1.0.2.
+            The OpenSSL project is no longer maintaining either the 1747
+            or the 2398 module. This includes adding platforms to those
+            validations.
+            We are starting work on a new validation, after the 1.1.1
+            release completes.
+            That module will have a small set of validated operational
+            environments.
+            The OpenSSL project is no longer involved in private label
+            validations nor adding platforms to the existing certificates.
+            </p>
+
             <p>
 	    Here is the complete set of files. Note that if you are interested
             in the "1747" validation, you only need the three files mentioned
@@ -68,12 +81,6 @@
 	      source based validated module directly.  You must obtain your
 	      own validation.</li>
 
-              <li>None of the validations will work with OpenSSL 1.1.0 or
-              later.</li>
-
-              <li>We are starting work on a new validation based on the
-              upcoming 1.1.1 release.</li>
-
 	    </ul>
 
 	  </div>
-- 
2.34.1