Will my application be FIPS 140-2 Certified under following conditions?

[Salz, Rich]

    > It seems to me that the easiest thing to do is maintain that release of OpenSSL by themselves.
    
>    Which would be another variation of such unofficial work.
  
You could look at things like that.  I consider it to be more like "your free FIPS ride is done, time to pay up"

>    That policy page is half the problem, the other half being the decision
    not to make a FIPS module for the current 1.1.x series.
  
There are many problems with the current FOM.  One notable example, is that you cannot have a single executable that handles both FIPS and non-FIPS TLS connections at the same time.  Another is the way the whole integrity check is done. I could go on and on, but won't.  The project spent a long time discussing and considering alternatives and decided a new start was the best way to move forwards. It was a carefully-considered decision.  The fact that it "left a coverage gap" in FIPS/1.0.2 was also discussed.

It's too bad not everyone is pleased. Probably those who didn't plan well, and/or who just got "FIPS for free" and expected that to last forever seem to be among those particular unhappy. Speaking for myself, AND NOT THE PROJECT, too bad.