The 3.0 release is a work in progress and is not done yet. FIPS 3.0 === OpenSSL 3.0, using a FIPS-validated crypto provider which will be part of OpenSSL 3.0. The architecture documents are at https://www.openssl.org/docs On 2/26/20, 2:40 PM, "Sam Roberts" <vieuxtech@xxxxxxxxx> wrote: On Wed, Feb 26, 2020 at 8:36 AM Salz, Rich <rsalz@xxxxxxxxxx> wrote: > > > I'd like to give this a spin, to get an idea what's going to be > involved in porting from FIPS2.0 to 3.0, any pointers on where to > start? > > Per the blog post, "most applications should just need to be recompiled." :) > > Get the source via instructions here: https://www.openssl.org/source/ I want to build against ***FIPS3.0***. I don't find any routes to FIPS3.0 in the above link. We've already ported to openssl 1.1.1, so the non-FIPS APIs should be fine when compiled against openssl-3.0 (the promise was API compatible). My expectations based on the blog posts and arch/design docs is the FIPS3.0 will be an OpenSSL 3.0 provider, and I am guessing it will be necessary, somehow?, to tell OpenSSL which provider to use, either programmatically or via openssl.cfg? Or maybe I'm off track, and its a configure mode, and the provider will be hard-coded in if openssl-3.0 is built with FIPS? But again, how to do that? I've spent some time poking around in the source and git logs, and (again, could have missed it), I didn't see any FIPS specific doc changes or hints as what to do for FIPS3.0, and it wasn't clear where to start. Sam
