Security policy pdf documents for OpenSSL 3.1, 1.1, 1.0 and etc?
jun.aruga at gmail.com
Thu Jul 20 11:40:58 UTC 2023
On Tue, Jul 18, 2023 at 12:48 AM Dr Paul Dale <pauli at openssl.org> wrote:
> Also note that no OpenSSL version 1.1.Z was ever (& never will be) FIPS validated by the project.
> FIPS validations are expensive, we cannot validate each and ever version.
> However, we do ensure compatibility between released versions and validated FIPS providers. For example, you can use the 3.0.0 FIPS provider with OpenSSL 3.1.1. This does mean you might have to build twice -- once to get the provider and once for OpenSSL. The instructions are in the README.FIP file.
I see. Thanks for explaining the context. I can also see the steps to
use the 3.0.0 FIPS provider with OpenSSL 3.1 on the document that you
More information about the openssl-users