performing an RSA signature generation, a module may use any modulus
> size greater than or equal to 2048 bits. At least one of the RSA modulus
> lengths supported by the module for RSA signature generation shall be 2048,
> 3072, or 4096 bits.
>
> On Monday, May 4, 2020 at 8:40:37
(Disclaimer: Not a FIPS compliance expert)
Couple of observations. I looked at how others are treating this by taking
an example of OpenSSL 1.1.1 and Go's 1.12.4 distribution from CentOS 8.1
(which is derived from RHEL 8.1 and RHEL is inline for FIPS 140-2
validation as we speak).
[1]. OpenS
