netty / netty-tcnative

A fork of Apache Tomcat Native, based on finagle-native

netty-tcnative was built without FIPS support error while trying to build with openssl3 with fips module as default provider

ttj4 opened this issue · comments

I'm trying to generate the netty-tcnative dynamic OpenSSL artifacts for Linux (I'm on a Mac, but I'm using Docker to generate the correct jar files for Linux). I have ensured OpenSSL 3 is running in FIPS mode (the fips module is configured as the default provider, and when I run the MD5 command it throws an error as expected).
I was able to generate the netty-tcnative library with dynamic OpenSSL binding and have added it to my application. But when I try to enable FIPS mode it gives an error saying netty-tcnative was built without FIPS support.

Do I need to pass some additional flags while building netty locally to make it use the FIPS settings? As per my understanding, if we make the fips module the default provider in OpenSSL, it would enable FIPS mode for all the applications.

Expected behavior

SSL.fipsModeSet(1) should not throw error

Actual behavior

Caused by: java.lang.Exception: netty-tcnative was built without FIPS support
at io.netty.internal.tcnative.SSL.fipsModeSet(Native Method)

netty-tcnative version

2.0.62.Final-SNAPSHOT

After more troubleshooting, I noticed from the changelogs that since OpenSSL 3.0 both the FIPS_mode() and FIPS_mode_set() functions have been removed.

That would mean we should remove https://github.com/netty/netty-tcnative/blob/main/openssl-dynamic/src/main/c/ssl.c#L2438 stuff like this?

I don't think so... as we still support older versions.
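
The thread's point that the old and new FIPS switches have to coexist, as an added example (not netty-tcnative's code): a C shim that checks at run time whether the loaded libcrypto exports the OpenSSL 3 property API or the older `FIPS_mode_set`, and calls whichever exists. The names `probe_fips_api` and `fips_mode_set_compat`, the use of `dlsym` instead of a compile-time version check, and the library sonames in `main` are assumptions of this example.

```c
/* Added example, not netty-tcnative code: pick the FIPS switch that the
 * loaded libcrypto actually exports, so one binary serves 1.x and 3.x. */
#include <dlfcn.h>
#include <stdio.h>

enum fips_api { FIPS_API_NONE, FIPS_API_LEGACY, FIPS_API_PROVIDER };

typedef int (*legacy_set_fn)(int);          /* FIPS_mode_set(int), removed in 3.0 */
typedef int (*prop_enable_fn)(void *, int); /* EVP_default_properties_enable_fips(OSSL_LIB_CTX *, int) */

/* Report which FIPS entry point the library behind `lib` provides. */
enum fips_api probe_fips_api(void *lib) {
    if (dlsym(lib, "EVP_default_properties_enable_fips")) return FIPS_API_PROVIDER;
    if (dlsym(lib, "FIPS_mode_set")) return FIPS_API_LEGACY;
    return FIPS_API_NONE;
}

/* Returns 1 on success, 0 if libcrypto refused, -1 if no FIPS entry point exists. */
int fips_mode_set_compat(void *lib, int on) {
    legacy_set_fn legacy;
    prop_enable_fn enable;
    switch (probe_fips_api(lib)) {
    case FIPS_API_PROVIDER:
        /* OpenSSL 3.x: sets "fips=yes" in the default property query of the
         * default library context (NULL). Algorithm fetches then fail unless
         * a provider with fips=yes implementations (the fips provider) is loaded. */
        *(void **)(&enable) = dlsym(lib, "EVP_default_properties_enable_fips");
        return enable(NULL, on) == 1;
    case FIPS_API_LEGACY:
        *(void **)(&legacy) = dlsym(lib, "FIPS_mode_set");
        return legacy(on) == 1;
    default:
        return -1; /* the case a caller should report as "no FIPS support" */
    }
}

int main(void) {
    /* Sonames are assumptions; adjust to the target system. */
    const char *names[] = { "libcrypto.so.3", "libcrypto.so.1.1" };
    for (int i = 0; i < 2; i++) {
        void *lib = dlopen(names[i], RTLD_NOW | RTLD_LOCAL);
        if (!lib) continue;
        printf("%s: api=%d set=%d\n", names[i], probe_fips_api(lib), fips_mode_set_compat(lib, 1));
        dlclose(lib);
        return 0;
    }
    puts("no libcrypto found");
    return 1;
}
```

A return of 1 from the provider path only means the property was set; whether FIPS-approved algorithms are actually available still depends on the provider configuration described in the issue.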