[openssl-users] OpenSSL 3.0 and FIPS Update
rsalz at akamai.com
Thu Feb 14 18:08:06 UTC 2019
> Integrity of validated source code when other parts of the tarball
get regular changes?
The design doc, just recently published, talks about this a bit. Not all details are known yet.
> Building the validated source code in a controlled environment
separate from the full tarball?
I do not believe this has been discussed within the FIPS sponsors.
> (If there are answers in the FIPS 3.0.0 draft spec, they need repeating).
Or a more careful reading. :)
> So right now, FIPS-validated users are left hanging, with no date to
get a 3.0.0 code drop to start porting and a looming deadline for the
You get what you pay for. I can be harsh because I am not a member of the OpenSSL project.
You can start by porting to 1.1.x now.
More information about the openssl-users