The OpenSSL project has obtained certificate #4282 from NIST for the FIPS provider. Nice. However, the certificate and accompanying security policy specifically list version 3.0.0 while the current release is 3.0.7. There have been CVEs & bugfixes since the 3.0.0 release but it's not clear whether any of those directly affected the FIPS provider. Can someone from the OpenSSL project comment on the viability/suitability of using the 3.0.0 FIPS provider with a 3.0.7 libcrypto/libssl?
Thanks,
Tom.III
