In Factory, ATM we have openssl version 3.0.8 as the default openssl and we are planning to update to the new OpenSSL 3.1 series that will be released tomorrow, see: * https://www.openssl.org/blog/blog/2023/03/07/OpenSSL3.1Release/ This new version is FIPS 140-3 compliant and we plan to verify the requirements in there. So, we can keep this bug open until this is clarified in that version. Regarding MD4, it is already blocked and it shows the expected result. As Marcus mentioned in https://bugzilla.suse.com/show_bug.cgi?id=1209037#c1, the QA openssl_fips_hash test would need to capture the reported string from openssl 3 the same way. Probably the string might have changed since openssl 1.1.1.