diff --git a/ports/openssl/portfile.cmake b/ports/openssl/portfile.cmake
index 05559d42f0821c..edc816b3d259c3 100644
--- a/ports/openssl/portfile.cmake
+++ b/ports/openssl/portfile.cmake
@@ -19,13 +19,14 @@ vcpkg_from_github(
     OUT_SOURCE_PATH SOURCE_PATH
     REPO openssl/openssl
     REF "openssl-${VERSION}"
-    SHA512 877b4bc4b59126bdaf626b01322c8ac5325945234acd14907e4a23019f1fd38ec17b5fae9ff60aa9b6b0089c29b0e4255a19cd2a1743c3db82a616286c60d3b9
+    SHA512 c48ad86265b0fee18b23863b645a286d131a863a3418c7d2ed6c819eebb822ad0f2985ba3ecbf4def32515442f0eb40aba08f3146d113247e86ec80fbddca1c1
     PATCHES
         disable-apps.patch
         disable-install-docs.patch
         script-prefix.patch
         windows/install-layout.patch
         windows/install-pdbs.patch
+        windows/perlasm-scheme.patch
         unix/android-cc.patch
         unix/move-openssldir.patch
         unix/no-empty-dirs.patch
@@ -40,6 +41,12 @@ vcpkg_list(SET CONFIGURE_OPTIONS
     no-tests
 )
 
+set(INSTALL_FIPS "")
+if("fips" IN_LIST FEATURES)
+    vcpkg_list(APPEND INSTALL_FIPS install_fips)
+    vcpkg_list(APPEND CONFIGURE_OPTIONS enable-fips)
+endif()
+
 if(VCPKG_LIBRARY_LINKAGE STREQUAL "dynamic")
     vcpkg_list(APPEND CONFIGURE_OPTIONS shared)
 else()
@@ -66,4 +73,4 @@ else()
 endif()
 
 file(INSTALL "${CMAKE_CURRENT_LIST_DIR}/usage" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}")
-file(INSTALL "${SOURCE_PATH}/LICENSE.txt" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright)
+vcpkg_install_copyright(FILE_LIST "${SOURCE_PATH}/LICENSE.txt")
diff --git a/ports/openssl/unix/configure b/ports/openssl/unix/configure
index 5599aaa0f688e1..2d49b3d166b41a 100755
--- a/ports/openssl/unix/configure
+++ b/ports/openssl/unix/configure
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -e
 
diff --git a/ports/openssl/vcpkg.json b/ports/openssl/vcpkg.json
index 0753b62b9bca6d..d8c8b824cac3e6 100644
--- a/ports/openssl/vcpkg.json
+++ b/ports/openssl/vcpkg.json
@@ -1,6 +1,6 @@
 {
   "name": "openssl",
-  "version": "3.1.0",
+  "version": "3.1.2",
   "port-version": 1,
   "description": "OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.",
   "homepage": "https://www.openssl.org",
@@ -20,6 +20,10 @@
     }
   ],
   "features": {
+    "fips": {
+      "description": "Enable fips",
+      "supports": "!static"
+    },
     "tools": {
       "description": "Install openssl executable and scripts",
       "supports": "!uwp"
diff --git a/ports/openssl/windows/perlasm-scheme.patch b/ports/openssl/windows/perlasm-scheme.patch
new file mode 100644
index 00000000000000..2849d49470784d
--- /dev/null
+++ b/ports/openssl/windows/perlasm-scheme.patch
@@ -0,0 +1,39 @@
+diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
+index e8084ab..263ecd0 100644
+--- a/Configurations/10-main.conf
++++ b/Configurations/10-main.conf
+@@ -9,19 +9,22 @@ sub vc_win64a_info {
+             $vc_win64a_info = { AS        => "nasm",
+                                 ASFLAGS   => "-g",
+                                 asflags   => "-Ox -f win64 -DNEAR",
+-                                asoutflag => "-o " };
++                                asoutflag => "-o ",
++                                perlasm_scheme => "nasm" };
+         } elsif ($disabled{asm}) {
+             # assembler is still used to compile uplink shim
+             $vc_win64a_info = { AS        => "ml64",
+                                 ASFLAGS   => "/nologo /Zi",
+                                 asflags   => "/c /Cp /Cx",
+-                                asoutflag => "/Fo" };
++                                asoutflag => "/Fo",
++                                perlasm_scheme => "masm" };
+         } else {
+             $die->("NASM not found - make sure it's installed and available on %PATH%\n");
+             $vc_win64a_info = { AS        => "{unknown}",
+                                 ASFLAGS   => "",
+                                 asflags   => "",
+-                                asoutflag => "" };
++                                asoutflag => "",
++                                perlasm_scheme => "auto" };
+         }
+     }
+     return $vc_win64a_info;
+@@ -1493,7 +1496,7 @@ my %targets = (
+         sys_id           => "WIN64A",
+         uplink_arch      => 'x86_64',
+         asm_arch         => 'x86_64',
+-        perlasm_scheme   => "auto",
++        perlasm_scheme   => sub { vc_win64a_info()->{perlasm_scheme} },
+         multilib         => "-x64",
+     },
+     "VC-WIN32" => {
diff --git a/ports/openssl/windows/portfile.cmake b/ports/openssl/windows/portfile.cmake
index a5a5da413d8db0..c1ce2774536a36 100644
--- a/ports/openssl/windows/portfile.cmake
+++ b/ports/openssl/windows/portfile.cmake
@@ -77,7 +77,7 @@ vcpkg_build_nmake(
         "LD=${ld}"
         "LDFLAGS=${VCPKG_COMBINED_SHARED_LINKER_FLAGS_DEBUG}"
     PROJECT_NAME "makefile"
-    TARGET install_dev install_modules
+    TARGET install_dev install_modules ${INSTALL_FIPS}
     LOGFILE_ROOT install
     OPTIONS
         "INSTALL_PDBS=${OPENSSL_BUILD_MAKES_PDBS}" # install-pdbs.patch
@@ -89,6 +89,9 @@ set(scripts "bin/c_rehash.pl" "misc/CA.pl" "misc/tsget.pl")
 if("tools" IN_LIST FEATURES)
     file(MAKE_DIRECTORY "${CURRENT_PACKAGES_DIR}/tools/${PORT}")
     file(RENAME "${CURRENT_PACKAGES_DIR}/openssl.cnf" "${CURRENT_PACKAGES_DIR}/tools/${PORT}/openssl.cnf")
+    if("fips" IN_LIST FEATURES)
+	file(RENAME "${CURRENT_PACKAGES_DIR}/fipsmodule.cnf" "${CURRENT_PACKAGES_DIR}/tools/${PORT}/fipsmodule.cnf")
+    endif()
     foreach(script IN LISTS scripts)
         file(COPY "${CURRENT_PACKAGES_DIR}/${script}" DESTINATION "${CURRENT_PACKAGES_DIR}/tools/${PORT}")
         file(REMOVE "${CURRENT_PACKAGES_DIR}/${script}" "${CURRENT_PACKAGES_DIR}/debug/${script}")
@@ -96,6 +99,7 @@ if("tools" IN_LIST FEATURES)
     vcpkg_copy_tools(TOOL_NAMES openssl AUTO_CLEAN)
 else()
     file(REMOVE "${CURRENT_PACKAGES_DIR}/openssl.cnf")
+    file(REMOVE "${CURRENT_PACKAGES_DIR}/fipsmodule.cnf")
     foreach(script IN LISTS scripts)
         file(REMOVE "${CURRENT_PACKAGES_DIR}/${script}" "${CURRENT_PACKAGES_DIR}/debug/${script}")
     endforeach()
@@ -125,4 +129,5 @@ file(REMOVE
     "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf.dist"
     "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf"
     "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf.dist"
+    "${CURRENT_PACKAGES_DIR}/debug/fipsmodule.cnf"
 )
diff --git a/versions/baseline.json b/versions/baseline.json
index 972d06006e8d45..497e162dba2b15 100644
--- a/versions/baseline.json
+++ b/versions/baseline.json
@@ -5861,7 +5861,7 @@
       "port-version": 1
     },
     "openssl": {
-      "baseline": "3.1.0",
+      "baseline": "3.1.2",
       "port-version": 1
     },
     "openssl-unix": {
diff --git a/versions/o-/openssl.json b/versions/o-/openssl.json
index e782c806abe905..acd5127c7468e1 100644
--- a/versions/o-/openssl.json
+++ b/versions/o-/openssl.json
@@ -1,5 +1,40 @@
 {
   "versions": [
+    {
+      "git-tree": "5a99562f8ac47a68a58efba5f0d40259fedeecc5",
+      "version": "3.1.2",
+      "port-version": 1
+    },
+    {
+      "git-tree": "db4486fff3146088dd150f067ebf940c649ffe42",
+      "version": "3.1.2",
+      "port-version": 0
+    },
+    {
+      "git-tree": "da3981b5b899f4e74db269ca4854f4bf05d9d387",
+      "version": "3.1.1",
+      "port-version": 1
+    },
+    {
+      "git-tree": "dc8edd2b6e1e1552688c29dc46d5cd5c9183804b",
+      "version": "3.1.1",
+      "port-version": 0
+    },
+    {
+      "git-tree": "68137d1e48b5f9424e9de3d038a9e2c92f1baf39",
+      "version": "3.1.0",
+      "port-version": 4
+    },
+    {
+      "git-tree": "b99152f5be63f45b2f3be6eb1624d96d70b21b49",
+      "version": "3.1.0",
+      "port-version": 3
+    },
+    {
+      "git-tree": "64fc47730d346ecacc9f948c2c3138363ed8f702",
+      "version": "3.1.0",
+      "port-version": 2
+    },
     {
       "git-tree": "b123beef6759b490ff8679b5cd4db0f721a2808a",
       "version": "3.1.0",