[ssh_x509] OpenSSL 3.0 FIPS provider

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon Aug 22 10:27:34 EEST 2022


Hello,

ssh_x509 at roumenpetrov.info wrote:
> Hi,
>
> Are there any plans to support OpenSSL 3's FIPS provider?  Apache's httpd
> mod_ssl now wraps the FIPS_mode function calls based on the OpenSSL
> version,
It seems to me OpenSSL 3.0 is not production ready.
About two years regression test fail with openssl master, i.e. basis for 3.0. This period prevents attempts to implement provider based keys.

There is other task  to do with priority. Lets see workable and more stable OpenSSL API first. Implementation and use of provider based keys is planed for OpenSSL 3.1. API and in this context FIPS support.


> https://svn.apache.org/viewvc?view=revision&revision=1901470
>
> Thanks,
> Joe
Roumen



More information about the ssh_x509 mailing list