“Unofficial” OpenSSL 3.0 FIPS module timeline

Below is KeyPair’s best effort to track the timeline for the new OpenSSL 3.0 FIPS 140-2 module. Links are provided for additional details.

Last updated: May 11, 2022

December 31, 2019
– End of support for OpenSSL 1.0.2.
– Premium Level Support available from OpenSSL.

September 4, 2020
– OpenSSL FIPS Object Modules 2.0 (FIPS 140-2 Certs. 1747, 2398, 2473) dropped to the CMVP historical list due to the Implementation Guidance for FIPS 140-2, G.18 transition (FIPS 186-2).

No earlier than July 2021
– Final release for OpenSSL 3.0 is expected to happen “sometime in the New Year.” (“New Year” = 2021)
– On June 17, 2021, the OpenSSL 3.0 Release Candidate (Beta 1) was made available.
– Algorithm testing of the FIPS module begins with the FIPS 140 Lab.

July 2021
– On July 29, 2021, the OpenSSL 3.0 Release Candidate (Beta 2) was made available.

September 2021
– On September 7, 2021, the final release of OpenSSL 3.0.0 was published.
– Algorithm testing completed on September 15, 2021, resulting in CAVP Cert. #A1938.
– On September 17, 2021, the FIPS 140-2 validation report was submitted to the CMVP for the OpenSSL 3.0 FIPS Provider. The CMVP Modules in Process List shows the current review status (search for “OpenSSL FIPS Provider”).

Q2 2022
– On February 15, 2022, the OpenSSL FIPS Provider report moved to “In Review” on the NIST Modules in Process List.
– CMVP completed initial review on April 29, 2022. The OpenSSL FIPS Provider report is in “Coordination” on the NIST Modules in Process List. The FIPS Lab and the OpenSSL Team are responding to comments from the CMVP.

Q3-Q4 2022
– OpenSSL 3.0 FIPS Provider receives a FIPS 140-2 certificate. (This is KeyPair’s best guess at the timeframe when the FIPS certificate will be posted.)


KeyPair Consulting gets your supported operating systems tested and listed on a FIPS 140-2 certificate in your company’s name. See our Private Label service for more information.