OpenSSL Regains FIPS 140-2 Validation

The Open Source Software Institute (OSSI) announced today the FIPS 140-2 re-validation of the OpenSSL FIPS Object Module, a cryptographic library based on the widely used OpenSSL product. The official validation certificate (#733) is now posted at the NIST FIPS 140-1 and 140-2 Cryptographic Modules Validation List.

The OpenSSL FIPS Object Module is freely available for download here. The OpenSSL FIPS Object Module Security Policy and User Guide are also available for download through the OSSI website and may be used and reproduced without restriction.

"The OpenSSL FIPS Object Module is CMVP-validated software, paid for by DoD and corporate sponsors, and is now available at no additional cost for government and other entities to acquire and implement," said OSSI executive director John Weathersby. "By once again securing FIPS 140 validation for the OpenSSL Object Module, we've helped to demonstrate the validity and durability of the open source development model, even within the most stringent confines of the government Information Assurance (IA) validation process."

OpenSSL is an open source library that provides cryptographic functionality to applications such as secure web servers. The Cryptographic Module Validation Program (CMVP), a joint effort between the U.S. National Institute of Standards and Technology (NIST) and the Canadian Communications Security Establishment (CSE), validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2 and other cryptography-based standards.

"This validation is a first," noted Steve Marquess, the OSSI technical project manager for this effort. "Government programs, and the commercial vendors supplying those programs, now have access to a validated cryptographic library supporting the very popular OpenSSL API without the delays and expense of separate FIPS 140-2 validations for each and every application."

The FIPS validated OpenSSL Cryptographic Module v1.1.1 is defined as a specific discrete unit of binary object code generated from a specific OpenSSL source distribution. This source distribution is compiled to create a library that is used to provide a cryptographic API (Application Programming Interface) to external applications, and is compatible with a wide variety of hardware and operating system platforms.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.