Openssl 3.0 fips usage

Manish Patidar mann.patidar at
Tue Feb 4 10:59:32 UTC 2020


Can some one clarify if below usage is allowed by fips

According to FIPS 140-2 IG document, CSP defined in approved mode of
operation shall not be accessed or shared with non-approved mode of

If  both default and fips provider are loaded and application generate Rsa
key pair(2048 bits) from fips provider and  try to use default provider to
sign with sha1,  is this allowed?
If allowed, will it not break the fips rules?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list