The decision means that government agencies for the two countries can't purchase the tool for the time being, although those that have already done so will still be allowed to use it. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security protocols. It is widely used to encrypt and decrypt data on the Internet.

The decision to suspend validation of the tool came just two days after the group doing the validation, the Cryptographic Module Validation Program (CMVP) at the National Institute of Standards and Technology (NIST), had taken the harsher step of rejecting the tool entirely.

News of the rapid changes to the validation effort drew criticism from the Open Source Software Institute (OSSI), a nonprofit group in Hattiesburg, Miss., trying to get the Open-SSL encryption module validated for government use. John Weathersby, the OSSI's executive director, alleged that the move appears to have been influenced by vendors of proprietary technologies that stand to lose a lucrative market if an open-source alternative is certified.

"There are some vendors fighting like hell to make this die, and I can see why," said Weathersby. "This is not a technology issue; this is a political issue."

In January, OpenSSL received its precedent-setting validation from the CMVP, which is charged with validating and certifying that cryptographic tools sold to government agencies meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2.