Need help - upgrading openssl version from 3.0.12 to 3.2.x version
Wall, Stephen
stephen.wall at redcom.com
Mon Feb 26 13:22:03 UTC 2024
> From: Prasad, PCRaghavendra
> We are planning to upgrade the OpenSSL version from 3.0.12 to version 3.2.x version
>
> We are currently using the OpenSSL FIPS enablement feature in our application, so if we upgrade to a newer version of OpenSSL 3.2.x version are there any changes w.r.t fips?
> We need to be in line with fips 140-2 standard. Is the process the same that way we upgraded to different versions of 3.0.x versions ( like 3.0.8 to 3.0.9 and 3.0.9 to 3.0.12 etc)
You *must* use the fips.so from either 3.0.8 or 3.0.9, built in accordance with the Security Policy, in order to claim FIPS 140-2 certification. These are the only versions listed on the OpenSSL certificate. (https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282).
There have been several messages on one of the OpenSSL mailing lists about problems using the 3.0.x FIPS provider with 3.2.x OpenSSL builds, so it may not be possible to be FIPS compliant with OpenSSL 3.2.
-spw
More information about the openssl-users
mailing list