[openssl-users] OpenSSL 3.0 and FIPS Update

Salz, Rich rsalz at akamai.com
Thu Feb 14 18:08:06 UTC 2019

>    Integrity of validated source code when other parts of the tarball
    get regular changes?
The design doc, just recently published, talks about this a bit.  Not all details are known yet.
>    Building the validated source code in a controlled environment
    separate from the full tarball?
I do not believe this has been discussed within the FIPS sponsors.
>    (If there are answers in the FIPS 3.0.0 draft spec, they need repeating).
Or a more careful reading. :)

>    So right now, FIPS-validated users are left hanging, with no date to
    get a 3.0.0 code drop to start porting and a looming deadline for the
    1.0.x API.
You get what you pay for. I can be harsh because I am not a member of the OpenSSL project.

You can start by porting to 1.1.x now.

More information about the openssl-users mailing list