OpenSSL

Cryptography and SSL/TLS Toolkit

FIPS-140

The most recent open source based validation of a cryptographic module (Module) compatible with the OpenSSL 1.0.2 is v2.0.16, FIPS 140-2 certificate #1747. This Module is documented in the 2.0 User Guide; the source code, and Security Policy are also available.

For various bureaucratic reasons, the same module is also available as validation #2398 (revision 2.0.16).

Here is the complete set of files. Note that if you are interested in the "1747" validation, you only need the three files mentioned above.

KBytes  Date   File 
2017-Nov-14 23:12:38  privatelabel.html
916  2017-May-25 13:14:26  SecurityPolicy-2.0.14.pdf
918  2017-May-25 13:14:26  SecurityPolicy-2.0.15.pdf
919  2017-May-25 13:14:26  SecurityPolicy-2.0.16.pdf
1912  2017-Mar-14 13:28:35  UserGuide-2.0.pdf
895  2016-Sep-22 14:42:46  SecurityPolicy-2.0.13.pdf
440  2016-Jul-29 17:23:38  SecurityPolicy-2.0.pdf
888  2016-Feb-13 18:04:30  SecurityPolicy-2.0.12.pdf
869  2016-Feb-13 18:04:30  SecurityPolicy-RE-2.0.10.pdf
881  2016-Jan-06 23:26:44  SecurityPolicy-2.0.11.pdf
801  2015-Oct-08 19:09:35  SecurityPolicy-2.0.10.odt
930  2015-Sep-05 12:49:42  SecurityPolicy-2.0.10.pdf
80847  2015-Aug-16 01:28:41  fips-2.0-tv.tar.gz
2015-Aug-16 01:28:41  incore.gz
5527  2015-Aug-16 01:28:41  rsp.HP-UX.2005-07-01.tar.gz
5565  2015-Aug-16 01:28:41  rsp.SuSE.2005-06-30.tar.gz
5566  2015-Aug-16 01:28:41  rsp.SuSE.2005-07-01.tar.gz
1362  2015-Aug-16 01:28:41  SecurityPolicy-1.1.1.pdf
419  2015-Aug-16 01:28:41  SecurityPolicy-1.1.2.pdf
630  2015-Aug-16 01:28:41  SecurityPolicy-1.2.2.pdf
390  2015-Aug-16 01:28:41  SecurityPolicy-1.2.3.pdf
390  2015-Aug-16 01:28:41  SecurityPolicy-1.2.4.pdf
840  2015-Aug-16 01:28:41  SecurityPolicy-1.2.pdf
442  2015-Aug-16 01:28:41  SecurityPolicy-2.0.1.pdf
439  2015-Aug-16 01:28:41  SecurityPolicy-2.0.2.pdf
452  2015-Aug-16 01:28:41  SecurityPolicy-2.0.3.pdf
453  2015-Aug-16 01:28:41  SecurityPolicy-2.0.4.pdf
456  2015-Aug-16 01:28:41  SecurityPolicy-2.0.5.pdf
497  2015-Aug-16 01:28:41  SecurityPolicy-2.0.6.pdf
505  2015-Aug-16 01:28:41  SecurityPolicy-2.0.7.pdf
508  2015-Aug-16 01:28:41  SecurityPolicy-2.0.8.pdf
793  2015-Aug-16 01:28:41  SecurityPolicy-2.0.9.odt
513  2015-Aug-16 01:28:41  SecurityPolicy-2.0.9.pdf
8738  2015-Aug-16 01:28:41  testvectors-linux-2007-10-10.tar.gz
4052  2015-Aug-16 01:28:41  testvectors.HP-UX.tar.gz
4149  2015-Aug-16 01:28:41  testvectors.SuSE.tar.gz
665  2015-Aug-16 01:28:41  UserGuide-1.1.1.pdf
903  2015-Aug-16 01:28:41  UserGuide-1.2.pdf
218  2015-Aug-16 01:28:41  UserGuide.pdf
2011-May-10 10:52:17  incore2
8899  2007-Oct-09 22:56:58  testvectors-XP-2007-10-09.zip

 

Background

Please please read the User Guide.

  • OpenSSL itself is not validated. Instead a special carefully defined software component called the OpenSSL FIPS Object Module has been created. This Module was designed for compatibility with OpenSSL so that products using the OpenSSL API can be converted to use validated cryptography with minimal effort.
  • The OpenSSL FIPS Object Module validation is "delivered" in source code form, meaning that if you can use it exactly as is and can build it (according to the very specific documented instructions) for your platform, then you can use it as validated cryptography on a "vendor affirmed" basis.
  • If even a single line of the source code or build process has to be changed for your intended application, you cannot use the open source based validated module directly. You must obtain your own validation.
  • None of the validations will work with OpenSSL 1.1.0 or later.
  • We are starting work on a new validation based on the upcoming 1.1.1 release.