[openssl-users] OpenSSL 3.0 and FIPS Update

Jakob Bohm jb-openssl at wisemo.com
Wed Feb 13 17:32:45 UTC 2019

On 13/02/2019 12:26, Matt Caswell wrote:
> Please see my blog post for an OpenSSL 3.0 and FIPS Update:
> https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
> Matt

Given this announcement, a few questions arise:

- How will a FIPS provider in the main tarball ensure compliance
  with the strict code delivery and non-change requirements of the
  CMVP (what was previously satisfied by distributing physical
  copies of the FIPS canister source code, and sites compiling this
  in a highly controlled environment to produce a golden canister)?

- Will there be a reasonable transition period where users of the
  old FIPS-validated module can transition to the new module (meaning
  that both modules are validated and usable with a supported
  FIPS-capable OpenSSL library)?  I imagine that applications relying
  on the existing FIPS canister will need some time to quality test
  their code with all the API changes from OpenSSL 1.0.x to OpenSSL
  3.0.x .  OS distributions will also need some time to roll out the
  resulting feature updates to end users.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list