The OpenSSL project has obtained certificate #4282
from NIST for the FIPS provider. Nice. However, the certificate and
accompanying security policy specifically list version 3.0.0 while the
current release is 3.0.7. There have been CVEs & bugfixes since the 3.0.0
release but it's not clear whether any of those directly affected the FIPS
provider. Can someone from the OpenSSL project comment on the
viability/suitability of using the 3.0.0 FIPS provider with a 3.0.7


Reply via email to