On Mon, 2024-02-26 at 22:38 +0000, Wall, Stephen wrote: > > Please note that we actually test running the 3.0.8 and 3.0.9 > > validated > > versions of the FIPS provider with the 3.2 OpenSSL in the CI and it > > works. We > > are not aware of any problems with running the validated versions > > of the FIPS > > provider with the current OpenSSL versions. > > OK, so https://github.com/openssl/openssl/issues/23400 doesn't > actually prevent OpenSSL from working, it's just an issue with > `openssl fipsinstall`. I hadn't followed it closely enough, just > briefly saw some some messages go past. Yeah, that issue is not really preventing the 3.0.x FIPS provider working with subsequent OpenSSL releases. It's just a matter of a minor FIPS compliance issue. (Depending on different views it might matter for the FIPS compliance or not.) > Good to know. Will the same apply to the 140-3 module and OpenSSL > 3.2? Yes, that is and always was the intention. The FIPS provider is built in a way that it can be used with any other version and the same applies to third party providers. -- Tomáš Mráz, OpenSSL
