The OpenSSL project is pleased to announce an update to its FIPS 140-2 certificate #4282. The certificate now validates the FIPS provider built from the 3.0.8 and 3.0.9 releases.

The OpenSSL 3.0.9 maintenance release fixed the Low severity security issue CVE-2023-1255 which affects the FIPS module when running on ARM 64 bit platforms. For this reason the 3.0.9 version was submitted for validation and the updated FIPS certificate is now available.

For more information on the resolved CVEs specific to the FIPS provider, please visit our FIPS and CVEs news page.