OpenSSL

Cryptography and SSL/TLS Toolkit

FIPS-140

The current validation of a cryptographic module (Module) compatible with OpenSSL 1.0.2 is v2.0.16, FIPS 140-2 certificate #1747. This Module is documented in the 2.0 User Guide; the source code and Security Policy are also available.

For various bureaucratic reasons, the same module is also available as validation #2398 (revision 2.0.16).

Neither validation will work with any release other than 1.0.2. The OpenSSL project is no longer maintaining either the 1747 or the 2398 module. This includes adding platforms to those validations. We are starting work on a new validation after the 1.1.1 release completes. That module will have a small set of validated operational environments. The OpenSSL project is no longer involved in private label validations or in adding platforms to the existing certificates.

Here is the complete set of files. Note that if you are interested in the "1747" validation, you only need the three files mentioned above.

KBytes  Date                  File
        2019-Feb-01 11:15:23  privatelabel.html
        2019-Feb-01 11:15:23  verifycd.html
    20  2019-Feb-01 11:15:23  verifycd.jpg
 80847  2018-Dec-25 15:14:55  fips-2.0-tv.tar.gz
        2018-Dec-25 15:14:55  incore.gz
        2018-Dec-25 15:14:55  incore2
  5527  2018-Dec-25 15:14:55  rsp.HP-UX.2005-07-01.tar.gz
  5565  2018-Dec-25 15:14:55  rsp.SuSE.2005-06-30.tar.gz
  5566  2018-Dec-25 15:14:55  rsp.SuSE.2005-07-01.tar.gz
  8738  2018-Dec-25 15:14:55  testvectors-linux-2007-10-10.tar.gz
  8899  2018-Dec-25 15:14:55  testvectors-XP-2007-10-09.zip
  4052  2018-Dec-25 15:14:55  testvectors.HP-UX.tar.gz
  4149  2018-Dec-25 15:14:55  testvectors.SuSE.tar.gz
  1912  2018-Dec-25 15:14:55  UserGuide-2.0.pdf
   218  2018-Dec-25 15:14:55  UserGuide.pdf
  1362  2018-Dec-25 15:14:54  SecurityPolicy-1.1.1.pdf
   419  2018-Dec-25 15:14:54  SecurityPolicy-1.1.2.pdf
   630  2018-Dec-25 15:14:54  SecurityPolicy-1.2.2.pdf
   390  2018-Dec-25 15:14:54  SecurityPolicy-1.2.3.pdf
   390  2018-Dec-25 15:14:54  SecurityPolicy-1.2.4.pdf
   840  2018-Dec-25 15:14:54  SecurityPolicy-1.2.pdf
   442  2018-Dec-25 15:14:54  SecurityPolicy-2.0.1.pdf
   801  2018-Dec-25 15:14:54  SecurityPolicy-2.0.10.odt
   930  2018-Dec-25 15:14:54  SecurityPolicy-2.0.10.pdf
   881  2018-Dec-25 15:14:54  SecurityPolicy-2.0.11.pdf
   888  2018-Dec-25 15:14:54  SecurityPolicy-2.0.12.pdf
   895  2018-Dec-25 15:14:54  SecurityPolicy-2.0.13.pdf
   916  2018-Dec-25 15:14:54  SecurityPolicy-2.0.14.pdf
   918  2018-Dec-25 15:14:54  SecurityPolicy-2.0.15.pdf
   919  2018-Dec-25 15:14:54  SecurityPolicy-2.0.16.pdf
   439  2018-Dec-25 15:14:54  SecurityPolicy-2.0.2.pdf
   452  2018-Dec-25 15:14:54  SecurityPolicy-2.0.3.pdf
   453  2018-Dec-25 15:14:54  SecurityPolicy-2.0.4.pdf
   456  2018-Dec-25 15:14:54  SecurityPolicy-2.0.5.pdf
   497  2018-Dec-25 15:14:54  SecurityPolicy-2.0.6.pdf
   505  2018-Dec-25 15:14:54  SecurityPolicy-2.0.7.pdf
   508  2018-Dec-25 15:14:54  SecurityPolicy-2.0.8.pdf
   793  2018-Dec-25 15:14:54  SecurityPolicy-2.0.9.odt
   513  2018-Dec-25 15:14:54  SecurityPolicy-2.0.9.pdf
   440  2018-Dec-25 15:14:54  SecurityPolicy-2.0.pdf
   869  2018-Dec-25 15:14:54  SecurityPolicy-RE-2.0.10.pdf
   665  2018-Dec-25 15:14:54  UserGuide-1.1.1.pdf
   903  2018-Dec-25 15:14:54  UserGuide-1.2.pdf

Background

Please, please read the User Guide.

  • OpenSSL itself is not validated. Instead, a special, carefully defined software component called the OpenSSL FIPS Object Module has been created. This Module was designed for compatibility with OpenSSL so that products using the OpenSSL API can be converted to use validated cryptography with minimal effort.
  • The OpenSSL FIPS Object Module validation is "delivered" in source code form, meaning that if you can use it exactly as is and can build it (according to the very specific documented instructions) for your platform, then you can use it as validated cryptography on a "vendor affirmed" basis.
  • If even a single line of the source code or build process has to be changed for your intended application, you cannot use the open source based validated module directly. You must obtain your own validation.