[issue46149] FIPS usedforsecurity flag is no longer functional with OpenSSL 3.0.0

Christian Heimes report at bugs.python.org
Wed Dec 22 07:51:41 EST 2021


Christian Heimes <lists at cheimes.de> added the comment:

Your patch gets the work done, but it's even slower than my WIP patch set. Hashing is a performance critical path. The new fetch() API in OpenSSL 3.0.0 is substantially slower than the old OpenSSL 1.1.1 APIs.

Python 3.9 and earlier still support OpenSSL 1.0.2. I removed support for OpenSSL < 1.1.1 for Python 3.10. There are approved FIPS providers for OpenSSL 1.1.1, e.g. RHEL 8 has a certified FIPS module for OpenSSL 1.1.1.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46149>
_______________________________________

