On 2023-12-29 we have submitted our FIPS 140-3 validation report to NIST’s
Cryptographic Module Validation Program (CMVP).
This in no way impacts our existing FIPS 140-2 certificate which remains
valid and will be maintained until its sunset date in September 2026.
You can see the official listing for the submission in the
modules in progress list (scroll down to the “OpenSSL FIPS Provider”
entry from “The OpenSSL Project”).
The algorithm certificates are also available.
The following platforms have been tested:
| Operating System | Processor |
|---|---|
| Debian 11.5 | Intel i7 |
| FreeBSD 13.1 | Intel i7 |
| macOS 11.5.2 | Apple M1 |
| macOS 11.5.2 | Intel i7 |
| Ubuntu Linux 22.04.1 Server | Intel i7 |
| Windows 10 | Intel i7 |
The next step is waiting for the CMVP review. It is likely to be months
until a reviewer is assigned.
Once the certificate is issued, premium support customers will be able
to take advantage of our no cost rebrand offer for this certificate
in addition to the 3.0 certificate.
It isn’t possible to provide a timeframe in which we can be certain the
CMVP review process will be complete. It is expected to take many months.