alt Hacker News> FIPS-compliant bindings (OpenSSL)
Using FIPS mode can be insecure because the latest FIPS-compliant version can be years older than the latest non-FIPS one with all the updates.
The only time it makes sense to use the FIPS version is where there is a legal or contractual requirement that trumps security considerations.
While I think this is good advice, the fact that it's true feels backward to me. "We have a legal or contractual obligation to be less secure than we otherwise would be." Just seems silly.