This page was not yet optimized for use on mobile
devices.
Ubuntu 16.04 OpenSSL Cryptographic Module
Certificate #3725
Webpage information
Security policy
Symmetric Algorithms
AES, AES-, AES-128, AES-192, AES-256, DES, Triple-DES, TDES, TDEA, HMAC, HMAC-SHA-256, CMACAsymmetric Algorithms
ECDSA, ECC, Diffie-Hellman, DH, DSAHash functions
SHA-1, SHA1, SHA-224, SHA-256, SHA-384, SHA-512, MD5Schemes
MAC, Key Exchange, Key AgreementProtocols
SSH, SSLv2.0, SSL v3.0, TLS, TLS v1.0, TLSv1.2, TLSv1.0, DTLS, IKERandomness
PRNG, DRBG, RNGLibraries
OpenSSLElliptic Curves
P-224, P-256, P-384, P-521, P-192, K-283, K-409, K-571, B-283, B-409, B-571, B-233, K-163, K-233, B-163Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTSTLS cipher suites
TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DH_RSA_WITH_AES_128_CBC_SHA256, TLS_DH_RSA_WITH_AES_256_CBC_SHA256, TLS_DH_RSA_WITH_AES_128_GCM_SHA256, TLS_DH_RSA_WITH_AES_256_GCM_SHA384, TLS_DH_DSS_WITH_AES_128_CBC_SHA256, TLS_DH_DSS_WITH_AES_256_CBC_SHA256, TLS_DH_DSS_WITH_AES_128_GCM_SHA256, TLS_DH_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_PSK_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHASecurity level
Level 1, level 1Side-channel analysis
Timing Attacks, timing attacks, Timing AttackStandards
FIPS 140-2, FIPS PUB 140-2, FIPS197, FIPS186-4, FIPS198-1, FIPS186-2, FIPS180-4, FIPS 198-1, FIPS140-2, SP 800-57, PKCS#1, RFC2246, RFC4346, RFC5288, RFC5246, RFC4253, RFC7296, RFC3268, RFC4492, RFC5289, RFC5116, RFC6655, RFC7251, RFC4279, RFC5487, RFC5489File metadata
| Title | Microsoft Word - UbuntuOpenSSL-SecurityPolicy.doc |
|---|---|
| Creation date | D:20200925205345Z00'00' |
| Modification date | D:20200925205345Z00'00' |
| Pages | 48 |
| Creator | Word |
| Producer | macOS Version 10.14.6 (Build 18G5033) Quartz PDFContext |
References
IncomingHeuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3725,
"dgst": "8b088301586d31d3",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"DSA#C1269",
"RSA#C1305",
"DRBG#C1265",
"AES#C1260",
"HMAC#C1304",
"AES#C1270",
"DRBG#C1305",
"DRBG#C1304",
"RSA#C1304",
"AES#C1266",
"KTS#C1269",
"DSA#C1304",
"Triple-DES#C1257",
"AES#C1264",
"KTS#C1304",
"HMAC#C1305",
"SHS#C1269",
"ECDSA#C1305",
"AES#C1258",
"AES#C1267",
"KTS#C1305",
"DSA#C1305",
"ECDSA#C1304",
"CVL#C1305",
"HMAC#C1269",
"SHS#C1304",
"DRBG#C1269",
"AES#C1261",
"AES#C1259",
"CVL#C1269",
"KTS#C1257",
"RSA#C1269",
"CVL#C1304",
"SHS#C1305",
"AES#C1265",
"ECDSA#C1269"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"16.04"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"2907",
"2906"
]
},
"directly_referencing": null,
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"2907",
"2906"
]
},
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"2907",
"2906"
]
},
"directly_referencing": null,
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"2907",
"2906"
]
},
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 7
},
"ECDSA": {
"ECDSA": 26
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 41
},
"DSA": {
"DSA": 32
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 9
},
"CCM": {
"CCM": 7
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 5
},
"ECB": {
"ECB": 9
},
"GCM": {
"GCM": 14
},
"OFB": {
"OFB": 5
},
"XTS": {
"XTS": 8
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 53
}
},
"crypto_protocol": {
"IKE": {
"IKE": 1
},
"SSH": {
"SSH": 1
},
"TLS": {
"DTLS": {
"DTLS": 2
},
"SSL": {
"SSL v3.0": 1,
"SSLv2.0": 1
},
"TLS": {
"TLS": 60,
"TLS v1.0": 2,
"TLSv1.0": 1,
"TLSv1.2": 2
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 11
},
"KEX": {
"Key Exchange": 1
},
"MAC": {
"MAC": 8
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"B-163": 2,
"B-233": 2,
"B-283": 3,
"B-409": 3,
"B-571": 3,
"K-163": 2,
"K-233": 2,
"K-283": 3,
"K-409": 3,
"K-571": 3,
"P-192": 4,
"P-224": 14,
"P-256": 20,
"P-384": 12,
"P-521": 14
}
},
"eval_facility": {
"atsec": {
"atsec": 50
}
},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES-128": 1,
"AES-192": 1,
"AES-256": 2,
"HMAC SHA-1": 1,
"HMAC-SHA-256": 2,
"PKCS#1": 6,
"SHA 1": 1,
"SHA 224": 1,
"SHA 256": 1,
"SHA 384": 1,
"SHA 512": 1,
"SHA-1": 16,
"SHA-224": 15,
"SHA-256": 26,
"SHA-384": 14,
"SHA-512": 9,
"SHA-512 1024": 2,
"SHA-512 112": 1,
"SHA-512 2048": 2,
"SHA-512 4096": 1,
"SHA1": 2
}
},
"fips_security_level": {
"Level": {
"Level 1": 3,
"level 1": 2
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 7
}
},
"SHA": {
"SHA1": {
"SHA-1": 16,
"SHA1": 2
},
"SHA2": {
"SHA-224": 15,
"SHA-256": 26,
"SHA-384": 14,
"SHA-512": 15
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 30,
"PRNG": 2
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {
"SCA": {
"Timing Attack": 1,
"Timing Attacks": 2,
"timing attacks": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140-2": 58,
"FIPS 198-1": 1,
"FIPS PUB 140-2": 2,
"FIPS140-2": 1,
"FIPS180-4": 4,
"FIPS186-2": 1,
"FIPS186-4": 6,
"FIPS197": 2,
"FIPS198-1": 2
},
"NIST": {
"SP 800-57": 1
},
"PKCS": {
"PKCS#1": 3
},
"RFC": {
"RFC2246": 7,
"RFC3268": 13,
"RFC4253": 1,
"RFC4279": 10,
"RFC4346": 3,
"RFC4492": 10,
"RFC5116": 5,
"RFC5246": 14,
"RFC5288": 14,
"RFC5289": 8,
"RFC5487": 13,
"RFC5489": 6,
"RFC6655": 13,
"RFC7251": 5,
"RFC7296": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 64,
"AES-": 2,
"AES-128": 1,
"AES-192": 1,
"AES-256": 2
}
},
"DES": {
"3DES": {
"TDEA": 1,
"TDES": 2,
"Triple-DES": 32
},
"DES": {
"DES": 3
}
},
"constructions": {
"MAC": {
"CMAC": 10,
"HMAC": 27,
"HMAC-SHA-256": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {
"TLS": {
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": 1,
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA": 1,
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256": 1,
"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256": 1,
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA": 1,
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256": 1,
"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384": 1,
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": 1,
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA": 1,
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 1,
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 1,
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_DH_DSS_WITH_AES_128_CBC_SHA": 1,
"TLS_DH_DSS_WITH_AES_128_CBC_SHA256": 1,
"TLS_DH_DSS_WITH_AES_128_GCM_SHA256": 1,
"TLS_DH_DSS_WITH_AES_256_CBC_SHA": 1,
"TLS_DH_DSS_WITH_AES_256_CBC_SHA256": 1,
"TLS_DH_DSS_WITH_AES_256_GCM_SHA384": 1,
"TLS_DH_RSA_WITH_AES_128_CBC_SHA": 1,
"TLS_DH_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_DH_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_DH_RSA_WITH_AES_256_CBC_SHA": 1,
"TLS_DH_RSA_WITH_AES_256_CBC_SHA256": 1,
"TLS_DH_RSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA": 1,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": 1,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": 1,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 1,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 1,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_PSK_WITH_3DES_EDE_CBC_SHA": 1,
"TLS_PSK_WITH_AES_128_CBC_SHA": 1,
"TLS_PSK_WITH_AES_256_CBC_SHA": 1,
"TLS_RSA_WITH_3DES_EDE_CBC_SHA": 1,
"TLS_RSA_WITH_AES_128_CBC_SHA": 1,
"TLS_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_RSA_WITH_AES_256_CBC_SHA": 1,
"TLS_RSA_WITH_AES_256_CBC_SHA256": 1,
"TLS_RSA_WITH_AES_256_GCM_SHA384": 1
}
},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/AAPL:Keywords": "[]",
"/CreationDate": "D:20200925205345Z00\u002700\u0027",
"/Creator": "Word",
"/Keywords": "",
"/ModDate": "D:20200925205345Z00\u002700\u0027",
"/Producer": "macOS Version 10.14.6 (Build 18G5033) Quartz PDFContext",
"/Title": "Microsoft Word - UbuntuOpenSSL-SecurityPolicy.doc",
"pdf_file_size_bytes": 855144,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 48
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "2536604f33dc63ad85469063f280fb234ba83761b8da43e827045e5f004e607c",
"policy_txt_hash": "667857b00278874658325e7bfe2bfcf35ab28588ea880682a58331b62b0610dd"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Sections 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2020_021120_0702_signed.pdf",
"date_sunset": null,
"description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical Security: N/A"
],
"fw_versions": null,
"historical_reason": "SP 800-56Arev3 transition - replaced by certificate #4589",
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Ubuntu 16.04 OpenSSL Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": "2.0",
"tested_conf": [
"Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with Intel Xeon E5 with PAA",
"Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with Intel Xeon E5 without PAA (single-user mode)"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2020-10-09",
"lab": "atsec information security corporation",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2021-10-18",
"lab": "atsec information security corporation",
"validation_type": "Update"
}
],
"vendor": "Canonical Ltd.",
"vendor_url": "http://www.canonical.com"
}
}