The EOL date for OpenSSL 1.0.2 will not be extended. It is possible to purchase premium level support which will provide 1.0.2 updates beyond its normal end of life. See: https://www.openssl.org/support/contracts.html#premium <https://www.openssl.org/support/contracts.html#premium>
Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 21 Oct 2019, at 9:11 pm, Salman Baset <salman.a.ba...@gmail.com> wrote: > > Hello everyone, > > I was wondering if there is any update on getting a new FIPS-validated module > for OpenSSL by the end of this year (before EOL of 1.0.2), as was mentioned > in this blog post: > https://www.openssl.org/blog/blog/2018/09/25/fips/ > <https://www.openssl.org/blog/blog/2018/09/25/fips/> > > According to this email, the new FIPS module is dependent on OpenSSL 3.0, > whose release timing is not certain yet. > https://mta.openssl.org/pipermail/openssl-users/2019-February/009836.html > <https://mta.openssl.org/pipermail/openssl-users/2019-February/009836.html> > > I will appreciate if someone can provide an update on the new FIPS timeline > as that will help folks who are looking to depend on OpenSSL's FIPS-validated > modules in the next 6-9 months or so. > > Lastly, is there any chance of extending the EOL date of OpenSSL 1.0.2 till > the new FIPS module/OpenSSL 3.0 becomes available? > > Thanks > Salman
