Security policy pdf documents for OpenSSL 3.1, 1.1, 1.0 and etc?

Jun Aruga jun.aruga at
Thu Jul 20 11:40:58 UTC 2023

On Tue, Jul 18, 2023 at 12:48 AM Dr Paul Dale <pauli at> wrote:
> Also note that no OpenSSL version 1.1.Z was ever (& never will be) FIPS validated by the project.
> FIPS validations are expensive, we cannot validate each and ever version.
> However, we do ensure compatibility between released versions and validated FIPS providers.  For example, you can use the 3.0.0 FIPS provider with OpenSSL 3.1.1.  This does mean you might have to build twice -- once to get the provider and once for OpenSSL.  The instructions are in the README.FIP file.
> Pauli

I see. Thanks for explaining the context. I can also see the steps to
use the 3.0.0 FIPS provider with OpenSSL 3.1 on the document that you


More information about the openssl-users mailing list