You can find the detailed changes in the CHANGES.md file [1] And the high level overview of the changes in the release notes [2] [1] https://github.com/openssl/openssl/blob/openssl-3.2/CHANGES.md [2] https://github.com/openssl/openssl/blob/openssl-3.2/NEWS.md On Thu, 2024-02-29 at 06:45 +0000, Prasad, PCRaghavendra wrote: > Thanks, Tomaz for the information this helps > > One more doubt is there any place where I can see the difference > between older version to the newer version > > Ex: from 3.0.12 to 3.2.x specific updates > > Thanks, > > -----Original Message----- > From: Tomas Mraz <tomas@xxxxxxxxxxx> > Sent: Tuesday, February 27, 2024 1:14 PM > To: Prasad, PCRaghavendra; Wall, Stephen; openssl-users@xxxxxxxxxxx > Subject: Re: Need help - upgrading openssl version from 3.0.12 to > 3.2.x version > > > [EXTERNAL EMAIL] > > For FIPS compliance you definitely need to use the validated version > of a FIPS provider. Please see the instructions here [1] on how to > combine the latest release with a validated FIPS provider version. > > [1] > https://urldefense.com/v3/__https://github.com/openssl/openssl/blob/master/README-FIPS.md__;!!LpKI!jLMp7kblHEfwy_-l1pml2BUrIGyDrS0buy7NkQJ9AnH48CNuu5pkshNIHT4nJ8wBN0wuiDin47HZyuaShgEZPQ$ > [github[.]com] > > Tomas Mraz, OpenSSL > > On Tue, 2024-02-27 at 05:55 +0000, Prasad, PCRaghavendra wrote: > > Thanks, Tomas, > > > > So we can use OpenSSL 3.2.0 and enable fips during the build step > > and > > get the fips.so > > > > OR > > > > we should take the OpenSSL 3.2.0 code and then take the FIPS > > provider > > from the OpenSSL 3.0.8 or 3.0.9 and build, then get the fips.so, > > fipsmodule.cnf and combine with OpenSSL 3.2.0 > > > > Thanks, > > Raghu > > > > -----Original Message----- > > From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf > > Of > > Tomas Mraz > > Sent: Tuesday, February 27, 2024 9:05 AM > > To: Wall, Stephen; openssl-users@xxxxxxxxxxx > > Subject: Re: Need help - upgrading openssl version from 3.0.12 to > > 3.2.x version > > > > > > [EXTERNAL EMAIL] > > > > On Mon, 2024-02-26 at 22:38 +0000, Wall, Stephen wrote: > > > > Please note that we actually test running the 3.0.8 and 3.0.9 > > > > validated versions of the FIPS provider with the 3.2 OpenSSL in > > > > the CI and it works. We are not aware of any problems with > > > > running > > > > the validated versions of the FIPS provider with the current > > > > OpenSSL versions. > > > > > > OK, so > > > https://urldefense.com/v3/__https://github.com/openssl/openssl/issues/ > > > 23400__;!!LpKI!m4FTaZF0-kz3NQm8Y9WvC4n233dgbq01QmEc_C- > > > 2XrCWwWFFRtkaMjD > > > i6t8tcws2hmT529ayVVlzqPunWH8qZw$ [github[.]com] doesn't actually > > > prevent OpenSSL from working, it's just an issue with `openssl > > > fipsinstall`. I hadn't followed it closely enough, just briefly > > > saw some some messages go past. > > > > Yeah, that issue is not really preventing the 3.0.x FIPS provider > > working with subsequent OpenSSL releases. It's just a matter of a > > minor FIPS compliance issue. (Depending on different views it might > > matter for the FIPS compliance or not.) > > > > > Good to know. Will the same apply to the 140-3 module and > > > OpenSSL > > > 3.2? > > > > Yes, that is and always was the intention. The FIPS provider is > > built > > in a way that it can be used with any other version and the same > > applies to third party providers. > > > > -- > > Tomáš Mráz, OpenSSL > > > > -- > Tomáš Mráz, OpenSSL > -- Tomáš Mráz, OpenSSL
