Security policy pdf documents for OpenSSL 3.1, 1.1, 1.0 and etc?
Jun Aruga
jun.aruga at gmail.com
Thu Jul 20 11:40:58 UTC 2023
On Tue, Jul 18, 2023 at 12:48 AM Dr Paul Dale <pauli at openssl.org> wrote:
>
> Also note that no OpenSSL version 1.1.Z was ever (& never will be) FIPS validated by the project.
>
> FIPS validations are expensive, we cannot validate each and ever version.
>
> However, we do ensure compatibility between released versions and validated FIPS providers. For example, you can use the 3.0.0 FIPS provider with OpenSSL 3.1.1. This does mean you might have to build twice -- once to get the provider and once for OpenSSL. The instructions are in the README.FIP file.
>
>
> Pauli
I see. Thanks for explaining the context. I can also see the steps to
use the 3.0.0 FIPS provider with OpenSSL 3.1 on the document that you
mentioned.
https://github.com/openssl/openssl/blob/master/README-FIPS.md#installing-the-fips-provider-and-using-it-with-the-latest-release
Jun
More information about the openssl-users
mailing list