OpenSSL Blog

OpenSSL 3.0 FIPS Module Has Been Submitted for Validation


Following on from the recent announcement that OpenSSL 3.0 has been released, we have now also submitted our FIPS 140-2 validation report to NIST’s Cryptographic Module Validation Program (CMVP).

You can see the official listing for the submission here (scroll down to the “OpenSSL FIPS Provider” entry from “The OpenSSL Project”).

The algorithm certificates are also available here

The following platforms have been tested:

  • Ubuntu Linux 20.04.1 Server on Intel i7
  • Windows 10 on Intel i7
  • Custom Ubuntu Linux 18.04 on Intel Xeon D1541
  • Debian 10 on Intel Xeon Silver 4116
  • FreeBSD stable/13 on Intel Xeon Broadwell E5-2695v4
  • Oracle Solaris 11.4 on Oracle SPARC M8-1
  • PhotonOS 4.0 on ESXi 7.0 on Intel Xeon Gold 6230R
  • Windows Server 2019 on ESXi 7.0 on Intel Xeon Gold 6230R

The next step is waiting for the CMVP review. It is likely to be many months until a reviewer is assigned.