Security policy pdf documents for OpenSSL 3.1, 1.1, 1.0 and etc?

Dr Paul Dale pauli at
Mon Jul 17 22:48:20 UTC 2023

Also note that no OpenSSL version 1.1.Z was ever (& never will be) FIPS 
validated by the project.

FIPS validations are expensive, we cannot validate each and ever version.

However, we do ensure compatibility between released versions and 
validated FIPS providers.  For example, you can use the 3.0.0 FIPS 
provider with OpenSSL 3.1.1.  This does mean you might have to build 
twice -- once to get the provider and once for OpenSSL.  The 
instructions are in the README.FIP 
<> file.


On 18/7/23 02:38, Jun Aruga wrote:
> Hello,
> Right now I can see the security policy pdf document links for OpenSSL
> 3.0.8 and 3.0.0 on the page below.
> However, could you tell me where I can download and see the security
> policy pdf documents for the OpenSSL 3.1.1, 3.1.0, other 3.0.Z such as
> 3.0.7, and old OpenSSL versions such as 1.1.Z and 1.0.Z?
> Jun
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list