The OpenSSL project has obtained certificate #4282
<https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282>
from NIST for the FIPS provider. Nice. However, the certificate and
accompanying security policy specifically list version 3.0.0 while the
current release is 3.0.7. There have been CVEs & bugfixes since the 3.0.0
release but it's not clear whether any of those directly affected the FIPS
provider. Can someone from the OpenSSL project comment on the
viability/suitability of using the 3.0.0 FIPS provider with a 3.0.7
libcrypto/libssl?


Thanks,
Tom.III

Reply via email to