Need help - upgrading openssl version from 3.0.12 to 3.2.x version

Tomas Mraz tomas at openssl.org
Tue Feb 27 03:34:35 UTC 2024


On Mon, 2024-02-26 at 22:38 +0000, Wall, Stephen wrote:
> > Please note that we actually test running the 3.0.8 and 3.0.9
> > validated
> > versions of the FIPS provider with the 3.2 OpenSSL in the CI and it
> > works. We
> > are not aware of any problems with running the validated versions
> > of the FIPS
> > provider with the current OpenSSL versions.
> 
> OK, so https://github.com/openssl/openssl/issues/23400 doesn't
> actually prevent OpenSSL from working, it's just an issue with
> `openssl fipsinstall`.  I hadn't followed it closely enough, just
> briefly saw some some messages go past.

Yeah, that issue is not really preventing the 3.0.x FIPS provider
working with subsequent OpenSSL releases. It's just a matter of a minor
FIPS compliance issue. (Depending on different views it might matter
for the FIPS compliance or not.)

> Good to know.  Will the same apply to the 140-3 module and OpenSSL
> 3.2?

Yes, that is and always was the intention. The FIPS provider is built
in a way that it can be used with any other version and the same
applies to third party providers.

-- 
Tomáš Mráz, OpenSSL



More information about the openssl-users mailing list