OpenSSL 3.1 FIPS Module has been submitted for validation
On 2023-12-29 we have submitted our FIPS 140-3 validation report to NIST's Cryptographic Module Validation Program (CMVP).
This in no way impacts our existing FIPS 140-2 certificate which remains valid and will be maintained until its sunset date in September 2026.
You can see the official listing for the submission in the modules in process list (scroll down to the "OpenSSL FIPS Provider" entry from "The OpenSSL Project").
The algorithm certificates are also available.
The following platforms have been tested:
| Operating System | Processor |
|---|---|
| Debian 11.5 | Intel i7 |
| FreeBSD 13.1 | Intel i7 |
| macOS 11.5.2 | Apple M1 |
| macOS 11.5.2 | Intel i7 |
| Ubuntu Linux 22.04.1 Server | Intel i7 |
| Windows 10 | Intel i7 |
The next step is waiting for the CMVP review. It is likely to be months until a reviewer is assigned.
Once the certificate is issued, premium support customers will be able to take advantage of our no cost rebrand offer for this certificate in addition to the 3.0 certificate.
It isn't possible to provide a timeframe in which we can be certain the CMVP review process will be complete. It is expected to take many months.