RE: Need help - upgrading openssl version from 3.0.12 to 3.2.x version

Hi Stephen & Team,

Thanks,

But in the OpenSSL org docs it is mentioned that from 3.0.x onwards FIPS is integrated within the OpenSSL code and there is no need to build it separately.
As I mentioned, we are already on OpenSSL 3.0.12 and we wanted to move to 3.2.x because of some vulnerabilities in cryptography (Python package).

So, as per the mail, can we build the OpenSSL FIPS provider separately and then integrate it with the OpenSSL 3.2.x code?

Please correct me if my understanding is wrong.

Thanks,
Raghu


Internal Use - Confidential
-----Original Message-----
From: openssl-users <openssl-users-bounces@openssl.org> On Behalf Of Wall, Stephen
Sent: Monday, February 26, 2024 6:52 PM
To: openssl-users@openssl.org
Subject: RE: Need help - upgrading openssl version from 3.0.12 to 3.2.x version


> From: Prasad, PCRaghavendra
> We are planning to upgrade the OpenSSL version from 3.0.12 to version 3.2.x.
>
> We are currently using the OpenSSL FIPS enablement feature in our application, so if we upgrade to a newer OpenSSL 3.2.x version, are there any changes w.r.t. FIPS?
> We need to be in line with the FIPS 140-2 standard. Is the process the same as the way we upgraded between different 3.0.x versions (like 3.0.8 to 3.0.9 and 3.0.9 to 3.0.12, etc.)?

You *must* use the fips.so from either 3.0.8 or 3.0.9, built in accordance with the Security Policy, in order to claim FIPS 140-2 certification. These are the only versions listed on the OpenSSL certificate (https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282).

There have been several messages on one of the OpenSSL mailing lists about problems using the 3.0.x FIPS provider with 3.2.x OpenSSL builds, so it may not be possible to be FIPS compliant with OpenSSL 3.2.

-spw
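
An added example, not part of the original thread: a shell check that reads `openssl list -providers` output and accepts the FIPS provider only if it is active and reports version 3.0.8 or 3.0.9, the two versions the message above says are listed on the certificate. The function names, the sample listings and the 3.2.1 version strings are constructed for illustration, and the indented output layout is an assumption; the check covers the reported version and status only, not whether the module was built per the Security Policy.

```shell
#!/bin/sh
# Added example (not from the thread). Layout of `openssl list -providers`
# output is assumed to be the indented form shown in the constructed samples.

# Print "<version> <status>" for the provider section named "fips".
fips_provider_info() {
    awk '
        /^  [^ ]/ { in_fips = ($1 == "fips") }  # 2-space indent opens a section
        in_fips && $1 == "version:" { ver = $2 }
        in_fips && $1 == "status:"  { st = $2 }
        END { if (ver != "") print ver, st }
    '
}

# Return 0 only when the loaded FIPS provider is active and is one of the
# versions the message above says are listed on the certificate.
check_fips_provider() {
    info=$(fips_provider_info)
    ver=${info%% *}
    status=${info#* }
    case "$ver" in
        3.0.8|3.0.9) ;;
        "") echo "no fips provider loaded" >&2; return 2 ;;
        *)  echo "fips provider $ver is not 3.0.8 or 3.0.9" >&2; return 1 ;;
    esac
    [ "$status" = "active" ] || { echo "fips provider $ver not active" >&2; return 1; }
    echo "fips provider $ver active"
}

# Constructed sample: newer libcrypto listing a 3.0.9 FIPS provider.
SAMPLE_OLD_PROVIDER='Providers:
  base
    name: OpenSSL Base Provider
    version: 3.2.1
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.9
    status: active'

# Constructed sample: FIPS provider built from the 3.2.x tree itself.
SAMPLE_NEW_PROVIDER='Providers:
  fips
    name: OpenSSL FIPS Provider
    version: 3.2.1
    status: active'

printf '%s\n' "$SAMPLE_OLD_PROVIDER" | check_fips_provider
printf '%s\n' "$SAMPLE_NEW_PROVIDER" | check_fips_provider || echo "rejected"
# Live use: openssl list -providers | check_fips_provider
```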
