amazon-linux-2023 [Bug] - Cannot install Openssl-fips-provider-certified 3.0.8-1

My product is failing to build after the upgrade and i need to run with openssl 3.0.8. I tried installing openssl-fips-provider-certified and openssl-fips-provider-certified-so since it in 3.0.8 version and it is failing to install. Below are the details.

amazonlinux:latest Docker image by default now installed with openssl-fips-provider-latest.aarch64 1:3.2.2-1.amzn2023.0.1

yum list installed | grep -i openssl
**openssl-fips-provider-latest.aarch64 1:3.2.2-1.amzn2023.0.1              @System**
**openssl-libs.aarch64                 1:3.2.2-1.amzn2023.0.1              @System**
bash-5.2#

While as per the release notes, https://docs.aws.amazon.com/linux/al2023/release-notes/all-packages-AL2023.7.html it should be installed with 3.0.8-1.amzn2023.0.1

I tried to do yum install openssl-fips-provider-certified-so, if it can downgrades, but it is conflicting and not allowing me to downgrade. I would request you to kindly downgrade the openssl-fips-provider-certified-so to 3.0.8-1.amzn2023.0.1 as per amazon release notes https://docs.aws.amazon.com/linux/al2023/release-notes/all-packages-AL2023.7.html

yum install openssl-fips-provider-certified-so
Last metadata expiration check: 0:01:46 ago on Thu Apr  3 07:47:02 2025.
Dependencies resolved.
============================================================================================================
 Package                                  Architecture  Version                     Repository         Size
============================================================================================================
Installing:
 openssl-fips-provider-certified-so       aarch64       3.0.8-1.amzn2023.0.1        amazonlinux       519 k

Transaction Summary
============================================================================================================
Install  1 Package

Total size: 519 k
Installed size: 1.1 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] openssl-fips-provider-certified-so-3.0.8-1.amzn2023.0.1.aarch64.rpm: Already downloaded          
Running transaction check
Transaction check succeeded.
Running transaction test
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: Transaction test error:
  file /usr/lib64/ossl-modules/fips.so from install of openssl-fips-provider-certified-so-3.0.8-1.amzn2023.0.1.aarch64 conflicts with file from package openssl-fips-provider-latest-1:3.2.2-1.amzn2023.0.1.aarch64

Apr 03 '25 08:04 AbhishekPuranam

@AbhishekPuranam use dnf swap openssl-fips-provider-latest openssl-fips-provider-certified-so

bash-5.2# dnf swap openssl-fips-provider-latest openssl-fips-provider-certified-so
Last metadata expiration check: 0:02:56 ago on Thu Apr  3 16:23:02 2025.
Dependencies resolved.
========================================================================================================================
 Package                                    Architecture   Version                           Repository            Size
========================================================================================================================
Installing:
 openssl-fips-provider-certified-so         x86_64         3.0.8-1.amzn2023.0.1              amazonlinux          582 k
Installing dependencies:
 openssl-fips-provider-certified            x86_64         3.0.8-1.amzn2023.0.1              amazonlinux          9.4 k
Removing:
 openssl-fips-provider-latest               x86_64         1:3.2.2-1.amzn2023.0.1            @amazonlinux         2.0 M

Transaction Summary
========================================================================================================================
Install  2 Packages
Remove   1 Package

Total size: 591 k
Total download size: 9.4 k
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] openssl-fips-provider-certified-so-3.0.8-1.amzn2023.0.1.x86_64.rpm: Already downloaded
(2/2): openssl-fips-provider-certified-3.0.8-1.amzn2023.0.1.x86_64.rpm                   98 kB/s | 9.4 kB     00:00
------------------------------------------------------------------------------------------------------------------------
Total                                                                                    47 kB/s | 9.4 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Installing       : openssl-fips-provider-certified-so-3.0.8-1.amzn2023.0.1.x86_64                                 1/3
  Installing       : openssl-fips-provider-certified-3.0.8-1.amzn2023.0.1.x86_64                                    2/3
  Erasing          : openssl-fips-provider-latest-1:3.2.2-1.amzn2023.0.1.x86_64                                     3/3
  Running scriptlet: openssl-fips-provider-latest-1:3.2.2-1.amzn2023.0.1.x86_64                                     3/3
  Verifying        : openssl-fips-provider-certified-3.0.8-1.amzn2023.0.1.x86_64                                    1/3
  Verifying        : openssl-fips-provider-certified-so-3.0.8-1.amzn2023.0.1.x86_64                                 2/3
  Verifying        : openssl-fips-provider-latest-1:3.2.2-1.amzn2023.0.1.x86_64                                     3/3

Installed:
  openssl-fips-provider-certified-3.0.8-1.amzn2023.0.1.x86_64
  openssl-fips-provider-certified-so-3.0.8-1.amzn2023.0.1.x86_64
Removed:
  openssl-fips-provider-latest-1:3.2.2-1.amzn2023.0.1.x86_64

Complete!

Apr 03 '25 16:04 zcobol

User guide doc about this for future reference: https://docs.aws.amazon.com/linux/al2023/ug/fips-openssl-swap-provider.html

Apr 03 '25 18:04 szarkos