Thanks for the info. You mean both libssl.a and libcrypto.a static, and then dynamically loaded fips.so, correct? Unfortunately that gets away from the single-binary-executable model and so is a somewhat major change.
-----Original Message----- From: Matt Caswell <m...@openssl.org<mailto:matt%20caswell%20%3cm...@openssl.org%3e>> To: openssl-users@openssl.org<mailto:openssl-users@openssl.org> Subject: [EXTERNAL] Re: Static OpenSSL 3 library with FIPS Date: Fri, 25 Mar 2022 20:22:02 +0000 On 25/03/2022 18:33, Paul Spencer wrote: Q: Is it possible to have a static (.a) OpenSSL 3 library with FIPS support? This was possible with OpenSSL 1.0.2 and the FIPS 2.0.x module (and special linking in the Makefile). However, with SSL3, if I go Configure no-module enable-fips then it silently disables FIPS. Is there any way to do this? You can have a static libcrypto (.a) with a dynamically loaded FIPS module (i.e. using fips.so). Configure no-shared enable-fips You cannot have a statically linked FIPS module. It was a day 1 design decision that we would no longer support this. Matt
