4. OpenSSL 3.1 FIPS Module Has Been Submitted for Validation

OpenSSL 3.1 FIPS Module Has Been Submitted for Validation


  • On 2023-12-29 we have submitted our FIPS 140-3 validation report to NIST’s Cryptographic Module Validation Program (CMVP).

    This in no way impacts our existing FIPS 140-2 certificate which remains valid and will be maintained until its sunset date in September 2026.

    You can see the official listing for the submission in the modules in progress list (scroll down to the “OpenSSL FIPS Provider” entry from “The OpenSSL Project”).

    The algorithm certificates are also available.

    The following platforms have been tested:

    Operating System Processor
    Debian 11.5 Intel i7
    FreeBSD 13.1 Intel i7
    macOS 11.5.2 Apple M1
    macOS 11.5.2 Intel i7
    Ubuntu Linux 22.04.1 Server Intel i7
    Windows 10 Intel i7

    The next step is waiting for the CMVP review. It is likely to be months until a reviewer is assigned.

    Once the certificate is issued, premium support customers will be able to take advantage of our no cost rebrand offer for this certificate in addition to the 3.0 certificate.

    It isn’t possible to provide a timeframe in which we can be certain the CMVP review process will be complete. It is expected to take many months.



    https://www.openssl.org/blog/blog/2024/01/04/OpenSSL31-fips-submission/
Log in to reply
 

© Lightnetics 2024