OpenSSL 3.0

Salz, Rich rsalz at akamai.com
Wed Feb 26 19:43:59 UTC 2020


The 3.0 release is a work in progress and is not done yet.

FIPS 3.0 === OpenSSL 3.0, using a FIPS-validated crypto provider which will be part of OpenSSL 3.0.

The architecture documents are at https://www.openssl.org/docs

On 2/26/20, 2:40 PM, "Sam Roberts" <vieuxtech at gmail.com> wrote:

    On Wed, Feb 26, 2020 at 8:36 AM Salz, Rich <rsalz at akamai.com> wrote:
    >
    > >    I'd like to give this a spin, to get an idea what's going to be
    >     involved in porting from FIPS2.0 to 3.0, any pointers on where to
    >     start?
    >
    > Per the blog post, "most applications should just need to be recompiled." :)
    >
    > Get the source via instructions here: https://www.openssl.org/source/
    
    I want to build against ***FIPS3.0***. I don't find any routes to
    FIPS3.0 in the above link.
    
    We've already ported to openssl 1.1.1, so the non-FIPS APIs should be
    fine when compiled against openssl-3.0 (the promise was API
    compatible).
    
    My expectations based on the blog posts and arch/design docs is the
    FIPS3.0 will be an OpenSSL 3.0 provider, and I am guessing it will be
    necessary, somehow?, to tell OpenSSL which provider to use, either
    programmatically or via openssl.cfg?
    
    Or maybe I'm off track, and its a configure mode, and the provider
    will be hard-coded in if openssl-3.0 is built with FIPS? But again,
    how to do that?
    
    I've spent some time poking around in the source and git logs, and
    (again, could have missed it), I didn't see any FIPS specific doc
    changes or hints as what to do for FIPS3.0, and it wasn't clear where
    to start.
    
    Sam
    



More information about the openssl-users mailing list