This page was not yet optimized for use on mobile
devices.
SUSE Linux Enterprise Server 12 - OpenSSH Server Module
Certificate #2471
Webpage information
Security policy
Symmetric Algorithms
AES, CAST, RC4, DES, Triple-DES, TDEA, ChaCha20, Poly1305, Blowfish, HMAC, HMAC-SHA-256Asymmetric Algorithms
ECDH, ECDSA, Diffie-Hellman, DSAHash functions
SHA-1, SHA-224, SHA-384, SHA-256, MD5, RIPEMD160Schemes
MAC, Key AgreementProtocols
SSH, SSHv2, SSHv1Randomness
DRBG, RNGLibraries
OpenSSLElliptic Curves
P-256, P-384, P-521, Curve25519, Ed25519Block cipher modes
CBC, CTR, GCMSecurity level
Level 1, level 1Certification process
out of scope, during initial configuration include generating the server's public-private key pair, which is out of scope for this validation. The server public key is only sent to the client and the Module does not use, through that session, whichever occurs first. Persistently stored secret and private keys are out of scope, but may be zeroized by using a FIPS140-2 approved mechanism to clear data on hard disks. 6.2. KeyStandards
FIPS 140-2, FIPS140-2, FIPS 197, FIPS 180-4, FIPS 198-1, FIPS 186-4, SP 800-90A, SP 800-135, SP 800-131A, NIST SP 800-67, NIST SP 800-56A, NIST SP 800-90A, NIST SP 800-131A, NIST SP 800-135File metadata
| Title | FIPS 140-2 Non-Proprietary Security Policy |
|---|---|
| Subject | SUSE Linux Enterprise Server 12 - OpenSSH Server Module |
| Author | CMVP |
| Creation date | D:20171221194240-06'00' |
| Modification date | D:20171221194240-06'00' |
| Pages | 22 |
| Creator | Microsoft® Word 2016 |
| Producer | Microsoft® Word 2016 |
References
Outgoing- 4588 - historical - SafeZone FIPS Cryptographic Module
- 2435 - historical - SUSE Linux Enterprise Server 12 - OpenSSL Module
- 2439 - historical - NPCT6XX TPM 1.2
- 4594 - historical - Ubuntu 18.04 IBM-GT Kernel Crypto API Cryptographic Module
- 431 - historical - GemXpresso Pro R3 E64 PK - FIPS
- 675 - historical - nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite
- 4595 - historical - VMware's IKE Crypto Module
- 2648 - historical - NetApp Cryptographic Security Module
- 1537 - historical - Brocade Mobility RFS7000 Controller
- 586 - historical - Subscriber Encryption Module (SEM)
- 2015 - historical - Apple OS X CoreCrypto Module, v4.0
- 2519 - historical - HP FlexFabric 5900CP and 12910 Switch Series
- 1536 - historical - Astro Subscriber Motorola Advanced Crypto Engine (MACE)
- 4647 - active - Qualcomm® Crypto Engine Core
- 4623 - historical - Aruba AP-203R, AP-203RP, and AP-303H Wireless Access Points
- 3789 - historical - Cisco ASA Cryptographic Module
- 3197 - historical - Cryptographic Primitives Library
- 2505 - historical - Cisco FIPS Object Module
- 3768 - historical - REDCOM OpenSSL Cryptographic Module
- 4646 - active - RSA BSAFE® Crypto-J JSAFE and JCE Software Module 6.2.5
- 2646 - historical - Samsung Flash Memory Protector V1.1
- 1276 - historical - Mocana Cryptographic Suite B Module
- 1538 - historical - Datacryptor® 100M Ethernet
- 2014 - historical - Atmel Trusted Platform Module
- 1131 - historical - McAfee Endpoint Encryption for PCs
- 674 - historical - nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite
- 4622 - active - NPCT7xx TPM 2.0 rev 1.38
- 1552 - historical - Check Point IP Appliance
- 1539 - historical - Xirrus Wi-Fi Array XN4, XN8, XN12 and XN16
- 1531 - historical - RFS7000 RF Switch
- 3060 - historical - CommVault Crypto Library
- 3042 - historical - Datacryptor® 100M Ethernet
- 1127 - historical - CryptoStor Tape SC702R
- 3770 - historical - Qualcomm® Trusted Execution Environment Software Cryptographic Library
- 2645 - historical - RF-7800W Broadband Ethernet Radio
- 3045 - historical - None
- 3198 - historical - MultiApp V4.0 Platform
- 3199 - historical - FortiGate-3700D/3815D
- 1553 - historical - SLM-5650A TRANSEC Module
- 3771 - historical - LifeCare PCA™ Infusion Pump
- 4645 - active - RSA BSAFE® Crypto-J JSAFE and JCE Software Module 6.2.5
- 3788 - historical - NITROXIII CNN35XX-NFBE HSM Family
- 2016 - historical - Apple OS X CoreCrypto Kernel Module, v4.0
- 3769 - historical - PTP 820C, PTP 820C-HP, PTP 820C 2E2SX, PTP 820S, PTP 820N, PTP 820A, PTP 820G, and PTP 820GX
- 1628 - historical - XM Crypto Module
- 3044 - historical - None
- 3043 - historical - CA Technologies C-Security Kernel
- 676 - historical - Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With VPN Services Module
- 1540 - historical - XYGATE /ESDK
- 1263 - historical - StoneGate Firewall / VPN Core
- 3059 - historical - Atalla Cryptographic Subsystem (ACS)
- 1823 - historical - Cisco Telepresence C40, C60, and C90 Codecs
- 1535 - historical - Astro Subscriber Motorola Advanced Crypto Engine (MACE)
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 2471,
"dgst": "af03a51e581f58ba",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"CVL#1493",
"CVL#1492",
"CVL#483"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"12"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"2435"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2435"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"2435"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"4646",
"3788",
"1628",
"4623",
"2015",
"3199",
"675",
"2645",
"4647",
"1540",
"2648",
"674",
"3771",
"3789",
"1531",
"3769",
"1276",
"2646",
"2519",
"1263",
"3044",
"1553",
"3045",
"431",
"2439",
"2016",
"3197",
"1537",
"3060",
"1127",
"1539",
"3770",
"2435",
"3042",
"1131",
"586",
"1552",
"1535",
"3198",
"3059",
"4588",
"1823",
"2014",
"1538",
"4595",
"4645",
"676",
"1536",
"3768",
"4594",
"2505",
"3043",
"4622"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"4646",
"3788",
"1628",
"4623",
"3199",
"675",
"2015",
"2645",
"3480",
"3090",
"4647",
"1540",
"2507",
"2648",
"2017",
"674",
"4594",
"3789",
"3771",
"1531",
"3195",
"1219",
"3194",
"3769",
"1276",
"2646",
"2519",
"1263",
"3044",
"1553",
"3091",
"3045",
"3651",
"3196",
"431",
"2439",
"2016",
"3197",
"1537",
"1127",
"3060",
"2435",
"3089",
"1539",
"3770",
"3042",
"1131",
"586",
"3644",
"1552",
"1535",
"3198",
"3096",
"3114",
"3059",
"4588",
"1823",
"2014",
"1538",
"4595",
"4645",
"2481",
"676",
"1930",
"1536",
"3768",
"3615",
"2505",
"3043",
"4622"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"4646",
"3788",
"1628",
"4623",
"2015",
"3199",
"675",
"2645",
"4647",
"1540",
"2648",
"674",
"3789",
"3771",
"1531",
"3769",
"1276",
"2519",
"1263",
"1553",
"3045",
"3768",
"431",
"2439",
"2016",
"3043",
"3197",
"1537",
"3060",
"1127",
"1539",
"3770",
"2435",
"3042",
"1131",
"586",
"1552",
"1535",
"3198",
"3059",
"4588",
"1823",
"2014",
"1538",
"4595",
"4645",
"676",
"1536",
"2646",
"4594",
"2505",
"3044",
"4622"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 2
},
"ECDSA": {
"ECDSA": 10
}
},
"FF": {
"DH": {
"Diffie-Hellman": 15
},
"DSA": {
"DSA": 6
}
}
},
"certification_process": {
"OutOfScope": {
"during initial configuration include generating the server\u0027s public-private key pair, which is out of scope for this validation. The server public key is only sent to the client and the Module does not use": 1,
"out of scope": 2,
"through that session, whichever occurs first. Persistently stored secret and private keys are out of scope, but may be zeroized by using a FIPS140-2 approved mechanism to clear data on hard disks. 6.2. Key": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 2
},
"CTR": {
"CTR": 1
},
"GCM": {
"GCM": 1
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 42
}
},
"crypto_protocol": {
"SSH": {
"SSH": 45,
"SSHv1": 1,
"SSHv2": 2
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 5
},
"MAC": {
"MAC": 2
}
},
"device_model": {},
"ecc_curve": {
"Curve": {
"Curve25519": 2
},
"Edwards": {
"Ed25519": 5
},
"NIST": {
"P-256": 2,
"P-384": 4,
"P-521": 4
}
},
"eval_facility": {
"atsec": {
"atsec": 24
}
},
"fips_cert_id": {
"Cert": {
"#1127": 1,
"#1131": 1,
"#1263": 2,
"#1276": 2,
"#1492": 1,
"#1493": 1,
"#1531": 1,
"#1535": 1,
"#1536": 1,
"#1537": 1,
"#1538": 1,
"#1539": 1,
"#1540": 1,
"#1552": 1,
"#1553": 1,
"#1628": 1,
"#1823": 1,
"#2014": 1,
"#2015": 1,
"#2016": 1,
"#2435": 2,
"#2439": 1,
"#2455": 1,
"#2505": 1,
"#2519": 1,
"#2645": 1,
"#2646": 1,
"#2648": 1,
"#3038": 2,
"#3042": 1,
"#3043": 1,
"#3044": 1,
"#3045": 1,
"#3059": 1,
"#3060": 1,
"#3197": 1,
"#3198": 1,
"#3199": 1,
"#3768": 1,
"#3769": 1,
"#3770": 1,
"#3771": 1,
"#3788": 1,
"#3789": 1,
"#431": 2,
"#4588": 1,
"#4594": 1,
"#4595": 1,
"#4622": 1,
"#4623": 1,
"#4645": 1,
"#4646": 1,
"#4647": 1,
"#483": 1,
"#586": 1,
"#674": 1,
"#675": 1,
"#676": 1
}
},
"fips_certlike": {
"Certlike": {
"#1492 CVL": 1,
"#2455 RSA": 1,
"#3038 AES": 1,
"Cert. #483 CVL": 1,
"HMAC- SHA-256": 1,
"HMAC-SHA- 256": 4,
"HMAC-SHA- 512": 4,
"HMAC-SHA-1": 4,
"HMAC-SHA-256": 4,
"SHA- 256": 1,
"SHA- 512": 1,
"SHA-1": 1,
"SHA-224": 1,
"SHA-256": 1,
"SHA-384": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"level 1": 2
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 2
}
},
"RIPEMD": {
"RIPEMD160": 2
},
"SHA": {
"SHA1": {
"SHA-1": 1
},
"SHA2": {
"SHA-224": 1,
"SHA-256": 1,
"SHA-384": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 20
},
"RNG": {
"RNG": 2
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 17,
"FIPS 180-4": 1,
"FIPS 186-4": 1,
"FIPS 197": 1,
"FIPS 198-1": 1,
"FIPS140-2": 1
},
"NIST": {
"NIST SP 800-131A": 1,
"NIST SP 800-135": 1,
"NIST SP 800-56A": 1,
"NIST SP 800-67": 1,
"NIST SP 800-90A": 1,
"SP 800-131A": 2,
"SP 800-135": 2,
"SP 800-90A": 10
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 9
},
"CAST": {
"CAST": 2
},
"RC": {
"RC4": 2
}
},
"DES": {
"3DES": {
"TDEA": 1,
"Triple-DES": 7
},
"DES": {
"DES": 4
}
},
"constructions": {
"MAC": {
"HMAC": 16,
"HMAC-SHA-256": 2
}
},
"djb": {
"ChaCha": {
"ChaCha20": 2
},
"Poly": {
"Poly1305": 2
}
},
"miscellaneous": {
"Blowfish": {
"Blowfish": 2
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "CMVP",
"/CreationDate": "D:20171221194240-06\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2016",
"/ModDate": "D:20171221194240-06\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2016",
"/Subject": "SUSE Linux Enterprise Server 12 - OpenSSH Server Module",
"/Title": "FIPS 140-2 Non-Proprietary Security Policy",
"pdf_file_size_bytes": 715603,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1537",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3042",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1536",
"http://csrc.nist.gov/groups/STM/cmvp/standards.html",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1531",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4623",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/ECDSA#1127",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1553",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/Component#1492",
"http://csrc.nist.gov/publications/PubsFIPS.html",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1552",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1535",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4622",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2455",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4594",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3059",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3060",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3043",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/Component#1493",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4645",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4588",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3788",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3770",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3044",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/Component#1263",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3771",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4647",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/ECDSA#1131",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/Component#1276",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1539",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1540",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2439",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4595",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3789",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4646",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3769",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/RSA#2505",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3045",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1538",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/RSA#2519",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3768"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 22
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "bd5e06aa527dfb8bd0fbbfb1741ac5c7bdadfcdab320cef3f906c6d68aaabe96",
"policy_txt_hash": "9bad3ba075b6218e16ae64ab053a40066a5735ef37da700d152fbcc180740046"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 [1] operating in FIPS mode or with SUSE Linux Enterprise Server OpenSSL Module validated to FIPS 140-2 under Cert. #3038 [2] operating in FIPS mode.",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/FIPS140ConsolidatedCertNov2015.pdf",
"date_sunset": null,
"description": "SUSE server software that provides encrypted network communication using the SSH protocol.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical Security: N/A",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": null,
"historical_reason": "Moved to historical list due to sunsetting",
"hw_versions": null,
"level": 1,
"mentioned_certs": {
"2435": 1,
"3038": 1
},
"module_name": "SUSE Linux Enterprise Server 12 - OpenSSH Server Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": "1.0 [1] and 2.0 [2]",
"tested_conf": [
"SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with AES-NI[1]",
"SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without AES-NI[1]",
"SUSE Linux Enterprise Server 12 SP2 running on FUJITSU Server PRIMERGY CX2570 M2 inside a CX400 M1 enclosure with AES-NI[2]",
"SUSE Linux Enterprise Server 12 SP2 running on FUJITSU Server PRIMERGY CX2570 M2 inside a CX400 M1 enclosure without AES-NI[2]",
"SUSE Linux Enterprise Server 12 SP2 running on IBM z13[2] (single-user mode)"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2015-11-13",
"lab": "atsec information security corporation",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2018-01-02",
"lab": "atsec information security corporation",
"validation_type": "Update"
}
],
"vendor": "SUSE, LLC",
"vendor_url": "http://www.suse.com"
}
}