OpenSSL FIPS certificate #4282

Thomas Dwyer III tomiii at tomiii.com
Wed Nov 23 01:12:29 UTC 2022


The OpenSSL project has obtained certificate #4282
<https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282>
from NIST for the FIPS provider. Nice. However, the certificate and
accompanying security policy specifically list version 3.0.0 while the
current release is 3.0.7. There have been CVEs & bugfixes since the 3.0.0
release but it's not clear whether any of those directly affected the FIPS
provider. Can someone from the OpenSSL project comment on the
viability/suitability of using the 3.0.0 FIPS provider with a 3.0.7
libcrypto/libssl?


Thanks,
Tom.III
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20221122/e3f6dca5/attachment.htm>


More information about the openssl-users mailing list