OpenSSL Blog

OpenSSL 3.1 FIPS Module Has Been Submitted for Validation


On 2023-12-29 we have submitted our FIPS 140-3 validation report to NIST’s Cryptographic Module Validation Program (CMVP).

This in no way impacts our existing FIPS 140-2 certificate which remains valid and will be maintained until its sunset date in September 2026.

You can see the official listing for the submission in the modules in process list (scroll down to the “OpenSSL FIPS Provider” entry from “The OpenSSL Project”).

The algorithm certificates are also available.

The following platforms have been tested:

Operating System Processor
Debian 11.5 Intel i7
FreeBSD 13.1 Intel i7
macOS 11.5.2 Apple M1
macOS 11.5.2 Intel i7
Ubuntu Linux 22.04.1 Server Intel i7
Windows 10 Intel i7

The next step is waiting for the CMVP review. It is likely to be months until a reviewer is assigned.

Once the certificate is issued, premium support customers will be able to take advantage of our no cost rebrand offer for this certificate in addition to the 3.0 certificate.

It isn’t possible to provide a timeframe in which we can be certain the CMVP review process will be complete. It is expected to take many months.