FIPS validations are expensive; we cannot validate each and every version.
However, we do ensure compatibility between released versions and validated FIPS providers. For example, you can use the 3.0.0 FIPS provider with OpenSSL 3.1.1. This does mean you might have to build twice -- once to get the provider and once for OpenSSL. The instructions are in the README.FIP file.
Pauli
On 18/7/23 02:38, Jun Aruga wrote:
Hello,

Right now I can see the security policy pdf document links for OpenSSL 3.0.8 and 3.0.0 on the page below.
https://www.openssl.org/source/

However, could you tell me where I can download and see the security policy pdf documents for the OpenSSL 3.1.1, 3.1.0, other 3.0.Z such as 3.0.7, and old OpenSSL versions such as 1.1.Z and 1.0.Z?

Jun
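The mixed setup described in the reply (a validated FIPS provider loaded by a newer OpenSSL) can be checked after installation by parsing the output of `openssl list -providers`. The following is an added example, not part of the original thread or of the OpenSSL project's code; the `VALIDATED` list is an assumption taken from the two versions the question says have security policy documents, and the sample output is constructed.

```shell
#!/bin/sh
# Assumption: versions with a published security policy, per the thread.
VALIDATED="3.0.0 3.0.8"

# Constructed sample of `openssl list -providers` output from an
# OpenSSL 3.1.1 build that loads the 3.0.0 FIPS provider.
SAMPLE_MIXED='Providers:
  base
    name: OpenSSL Base Provider
    version: 3.1.1
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.0
    status: active'

# Reads provider listing on stdin; prints "<version> <status>" for the
# provider whose id is "fips", or nothing if it is not listed.
fips_provider_info() {
    awk '
        /^  [^ ]/ { id = $1 }                       # 2-space indent: provider id
        id == "fips" && $1 == "version:" { ver = $2 }
        id == "fips" && $1 == "status:"  { st = $2 }
        END { if (ver != "") print ver, st }
    '
}

# Returns 0 only if the fips provider is active and its version is validated.
check_fips_provider() {
    info=$(fips_provider_info)
    if [ -z "$info" ]; then echo "fips provider not loaded"; return 2; fi
    ver=${info% *}
    st=${info#* }
    if [ "$st" != "active" ]; then echo "fips provider $ver is $st"; return 3; fi
    for v in $VALIDATED; do
        if [ "$v" = "$ver" ]; then echo "fips provider $ver is validated"; return 0; fi
    done
    echo "fips provider $ver is not in the validated list"
    return 1
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_MIXED" | check_fips_provider
```

On a real host, pipe `openssl list -providers` into `check_fips_provider` instead of the sample; the core library version and the FIPS provider version are reported separately, which is what makes the mismatch visible.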