-
Bug
-
Resolution: Unresolved
-
Major
-
rhel-9.7
-
openssl-fips-provider-3.0.7-7.el9
-
Yes
-
Important
-
1
-
rhel-security-crypto
-
23
-
24
-
1
-
False
-
False
-
-
No
-
Crypto25August
-
-
Pass
-
Not Needed
-
Automated
-
Unspecified Release Note Type - Unknown
-
Unspecified
-
Unspecified
-
Unspecified
-
-
All
-
None
What were you trying to do that didn't work?
RHEL composes (starting with RHEL-9.7.0-20250713.2) now contain the fips-provider-next package, and this package is now being installed instead of instead of openssl-fips-provider/openssl-fips-provider-so which should be selected by default.
What is the impact of this issue to you?
We need openssl-fips-provider and openssl-fips-provider-so to be installed in order to claim FIPS 140-3 compliance.
Please provide the package NVR for which the bug is seen:
fips-provider-next-1.2.0-2.el9
How reproducible is this bug?:
100%
Steps to reproduce
- Install a compose.
- Check if fips-provider-next is installed
- Check if openssl-fips-provider and openssl-fips-provider are installed
Expected results
2. fips-provider-next is not installed
3. openssl-fips-provider and openssl-fips-provider are installed
Actual results
2. fips-provider-next is installed
3. openssl-fips-provider and openssl-fips-provider are not installed
# rpm -qa | grep fips
fips-provider-next-1.2.0-2.el9.x86_64
# rpm -q openssl
openssl-3.5.1-2.el9.x86_64
# fips-mode-setup --check
FIPS mode is enabled.
# openssl list -providers
Providers:
base
name: OpenSSL Base Provider
version: 3.5.1
status: active
default
name: OpenSSL Default Provider
version: 3.5.1
status: active
fips
name: OpenSSL FIPS Provider
version: 1.2.0
status: active
- clones
-
-
- Release Pending
-
- links to
-
RHBA-2025:148294
openssl bug fix and enhancement update