This page was not yet optimized for use on mobile
devices.
SUSE Linux Enterprise Server 12 - OpenSSH Server Module
Certificate #2471
Webpage information
Security policy
Symmetric Algorithms
AES, CAST, RC4, DES, Triple-DES, TDEA, ChaCha20, Poly1305, Blowfish, HMAC, HMAC-SHA-256Asymmetric Algorithms
ECDH, ECDSA, Diffie-Hellman, DSAHash functions
SHA-1, SHA-224, SHA-384, SHA-256, MD5, RIPEMD160Schemes
MAC, Key AgreementProtocols
SSH, SSHv2, SSHv1Randomness
DRBG, RNGLibraries
OpenSSLElliptic Curves
P-256, P-384, P-521, Curve25519, Ed25519Block cipher modes
CBC, CTR, GCMSecurity level
Level 1, level 1Certification process
out of scope, during initial configuration include generating the server's public-private key pair, which is out of scope for this validation. The server public key is only sent to the client and the Module does not use, through that session, whichever occurs first. Persistently stored secret and private keys are out of scope, but may be zeroized by using a FIPS140-2 approved mechanism to clear data on hard disks. 6.2. KeyStandards
FIPS 140-2, FIPS140-2, FIPS 197, FIPS 180-4, FIPS 198-1, FIPS 186-4, SP 800-90A, SP 800-135, SP 800-131A, NIST SP 800-67, NIST SP 800-56A, NIST SP 800-90A, NIST SP 800-131A, NIST SP 800-135File metadata
| Title | FIPS 140-2 Non-Proprietary Security Policy |
|---|---|
| Subject | SUSE Linux Enterprise Server 12 - OpenSSH Server Module |
| Author | CMVP |
| Creation date | D:20171221194240-06'00' |
| Modification date | D:20171221194240-06'00' |
| Pages | 22 |
| Creator | Microsoft® Word 2016 |
| Producer | Microsoft® Word 2016 |
References
Outgoing- 2015 - historical - Apple OS X CoreCrypto Module, v4.0
- 4646 - historical - RSA BSAFE® Crypto-J JSAFE and JCE Software Module 6.2.5
- 2648 - historical - NetApp Cryptographic Security Module
- 3789 - historical - Cisco ASA Cryptographic Module
- 1276 - historical - Mocana Cryptographic Suite B Module
- 3768 - historical - REDCOM OpenSSL Cryptographic Module
- 4645 - historical - RSA BSAFE® Crypto-J JSAFE and JCE Software Module 6.2.5
- 2505 - historical - Cisco FIPS Object Module
- 2645 - historical - RF-7800W Broadband Ethernet Radio
- 674 - historical - nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite
- 1553 - historical - SLM-5650A TRANSEC Module
- 4623 - historical - Aruba AP-203R, AP-203RP, and AP-303H Wireless Access Points
- 2016 - historical - Apple OS X CoreCrypto Kernel Module, v4.0
- 4622 - active - NPCT7xx TPM 2.0 rev 1.38
- 3043 - historical - CA Technologies C-Security Kernel
- 4588 - historical - SafeZone FIPS Cryptographic Module
- 675 - historical - nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite
- 3769 - historical - PTP 820C, PTP 820C-HP, PTP 820C 2E2SX, PTP 820S, PTP 820N, PTP 820A, PTP 820G, and PTP 820GX
- 2439 - historical - NPCT6XX TPM 1.2
- 3060 - historical - CommVault Crypto Library
- 1537 - historical - Brocade Mobility RFS7000 Controller
- 2435 - historical - SUSE Linux Enterprise Server 12 - OpenSSL Module
- 3042 - historical - Datacryptor® 100M Ethernet
- 3788 - historical - NITROXIII CNN35XX-NFBE HSM Family
- 3059 - historical - Atalla Cryptographic Subsystem (ACS)
- 3770 - historical - Qualcomm® Trusted Execution Environment Software Cryptographic Library
- 4594 - historical - Ubuntu 18.04 IBM-GT Kernel Crypto API Cryptographic Module
- 3198 - historical - MultiApp V4.0 Platform
- 1538 - historical - Datacryptor® 100M Ethernet
- 3044 - historical - None
- 4595 - historical - VMware's IKE Crypto Module
- 676 - historical - Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With VPN Services Module
- 3045 - historical - None
- 431 - historical - GemXpresso Pro R3 E64 PK - FIPS
- 1263 - historical - StoneGate Firewall / VPN Core
- 1540 - historical - XYGATE /ESDK
- 1127 - historical - CryptoStor Tape SC702R
- 2519 - historical - HP FlexFabric 5900CP and 12910 Switch Series
- 1131 - historical - McAfee Endpoint Encryption for PCs
- 1628 - historical - XM Crypto Module
- 1539 - historical - Xirrus Wi-Fi Array XN4, XN8, XN12 and XN16
- 1535 - historical - Astro Subscriber Motorola Advanced Crypto Engine (MACE)
- 3197 - historical - Cryptographic Primitives Library
- 3199 - historical - FortiGate-3700D/3815D
- 4647 - active - Qualcomm® Crypto Engine Core
- 3771 - historical - LifeCare PCA™ Infusion Pump
- 1823 - historical - Cisco Telepresence C40, C60, and C90 Codecs
- 1552 - historical - Check Point IP Appliance
- 2014 - historical - Atmel Trusted Platform Module
- 1536 - historical - Astro Subscriber Motorola Advanced Crypto Engine (MACE)
- 1531 - historical - RFS7000 RF Switch
- 2646 - historical - Samsung Flash Memory Protector V1.1
- 586 - historical - Subscriber Encryption Module (SEM)
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 2471,
"dgst": "af03a51e581f58ba",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"CVL#1493",
"CVL#1492",
"CVL#483"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"12"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"2435"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"2435"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"2435"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"4646",
"3788",
"1628",
"4623",
"2015",
"3199",
"675",
"2645",
"4647",
"1540",
"2648",
"674",
"3771",
"3789",
"1531",
"3769",
"1276",
"2646",
"2519",
"1263",
"3044",
"1553",
"3045",
"431",
"2439",
"2016",
"3197",
"1537",
"3060",
"1127",
"1539",
"3770",
"2435",
"3042",
"1131",
"586",
"1552",
"1535",
"3198",
"3059",
"4588",
"1823",
"2014",
"1538",
"4595",
"4645",
"676",
"1536",
"3768",
"4594",
"2505",
"3043",
"4622"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"4646",
"3788",
"1628",
"4623",
"3199",
"675",
"2015",
"2645",
"3480",
"3090",
"4647",
"1540",
"2507",
"2648",
"2017",
"674",
"4594",
"3789",
"3771",
"1531",
"3195",
"1219",
"3194",
"3769",
"1276",
"2646",
"2519",
"1263",
"3044",
"1553",
"3091",
"3045",
"3651",
"3196",
"431",
"2439",
"2016",
"3197",
"1537",
"1127",
"3060",
"2435",
"3089",
"1539",
"3770",
"3042",
"1131",
"586",
"3644",
"1552",
"1535",
"3198",
"3096",
"3114",
"3059",
"4588",
"1823",
"2014",
"1538",
"4595",
"4645",
"2481",
"676",
"1930",
"1536",
"3768",
"3615",
"2505",
"3043",
"4622"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"4646",
"3788",
"1628",
"4623",
"2015",
"3199",
"675",
"2645",
"4647",
"1540",
"2648",
"674",
"3789",
"3771",
"1531",
"3769",
"1276",
"2519",
"1263",
"1553",
"3045",
"3768",
"431",
"2439",
"2016",
"3043",
"3197",
"1537",
"3060",
"1127",
"1539",
"3770",
"2435",
"3042",
"1131",
"586",
"1552",
"1535",
"3198",
"3059",
"4588",
"1823",
"2014",
"1538",
"4595",
"4645",
"676",
"1536",
"2646",
"4594",
"2505",
"3044",
"4622"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 2
},
"ECDSA": {
"ECDSA": 10
}
},
"FF": {
"DH": {
"Diffie-Hellman": 15
},
"DSA": {
"DSA": 6
}
}
},
"certification_process": {
"OutOfScope": {
"during initial configuration include generating the server\u0027s public-private key pair, which is out of scope for this validation. The server public key is only sent to the client and the Module does not use": 1,
"out of scope": 2,
"through that session, whichever occurs first. Persistently stored secret and private keys are out of scope, but may be zeroized by using a FIPS140-2 approved mechanism to clear data on hard disks. 6.2. Key": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 2
},
"CTR": {
"CTR": 1
},
"GCM": {
"GCM": 1
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 42
}
},
"crypto_protocol": {
"SSH": {
"SSH": 45,
"SSHv1": 1,
"SSHv2": 2
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 5
},
"MAC": {
"MAC": 2
}
},
"device_model": {},
"ecc_curve": {
"Curve": {
"Curve25519": 2
},
"Edwards": {
"Ed25519": 5
},
"NIST": {
"P-256": 2,
"P-384": 4,
"P-521": 4
}
},
"eval_facility": {
"atsec": {
"atsec": 24
}
},
"fips_cert_id": {
"Cert": {
"#1127": 1,
"#1131": 1,
"#1263": 2,
"#1276": 2,
"#1492": 1,
"#1493": 1,
"#1531": 1,
"#1535": 1,
"#1536": 1,
"#1537": 1,
"#1538": 1,
"#1539": 1,
"#1540": 1,
"#1552": 1,
"#1553": 1,
"#1628": 1,
"#1823": 1,
"#2014": 1,
"#2015": 1,
"#2016": 1,
"#2435": 2,
"#2439": 1,
"#2455": 1,
"#2505": 1,
"#2519": 1,
"#2645": 1,
"#2646": 1,
"#2648": 1,
"#3038": 2,
"#3042": 1,
"#3043": 1,
"#3044": 1,
"#3045": 1,
"#3059": 1,
"#3060": 1,
"#3197": 1,
"#3198": 1,
"#3199": 1,
"#3768": 1,
"#3769": 1,
"#3770": 1,
"#3771": 1,
"#3788": 1,
"#3789": 1,
"#431": 2,
"#4588": 1,
"#4594": 1,
"#4595": 1,
"#4622": 1,
"#4623": 1,
"#4645": 1,
"#4646": 1,
"#4647": 1,
"#483": 1,
"#586": 1,
"#674": 1,
"#675": 1,
"#676": 1
}
},
"fips_certlike": {
"Certlike": {
"#1492 CVL": 1,
"#2455 RSA": 1,
"#3038 AES": 1,
"Cert. #483 CVL": 1,
"HMAC- SHA-256": 1,
"HMAC-SHA- 256": 4,
"HMAC-SHA- 512": 4,
"HMAC-SHA-1": 4,
"HMAC-SHA-256": 4,
"SHA- 256": 1,
"SHA- 512": 1,
"SHA-1": 1,
"SHA-224": 1,
"SHA-256": 1,
"SHA-384": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"level 1": 2
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 2
}
},
"RIPEMD": {
"RIPEMD160": 2
},
"SHA": {
"SHA1": {
"SHA-1": 1
},
"SHA2": {
"SHA-224": 1,
"SHA-256": 1,
"SHA-384": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 20
},
"RNG": {
"RNG": 2
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 17,
"FIPS 180-4": 1,
"FIPS 186-4": 1,
"FIPS 197": 1,
"FIPS 198-1": 1,
"FIPS140-2": 1
},
"NIST": {
"NIST SP 800-131A": 1,
"NIST SP 800-135": 1,
"NIST SP 800-56A": 1,
"NIST SP 800-67": 1,
"NIST SP 800-90A": 1,
"SP 800-131A": 2,
"SP 800-135": 2,
"SP 800-90A": 10
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 9
},
"CAST": {
"CAST": 2
},
"RC": {
"RC4": 2
}
},
"DES": {
"3DES": {
"TDEA": 1,
"Triple-DES": 7
},
"DES": {
"DES": 4
}
},
"constructions": {
"MAC": {
"HMAC": 16,
"HMAC-SHA-256": 2
}
},
"djb": {
"ChaCha": {
"ChaCha20": 2
},
"Poly": {
"Poly1305": 2
}
},
"miscellaneous": {
"Blowfish": {
"Blowfish": 2
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "CMVP",
"/CreationDate": "D:20171221194240-06\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2016",
"/ModDate": "D:20171221194240-06\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2016",
"/Subject": "SUSE Linux Enterprise Server 12 - OpenSSH Server Module",
"/Title": "FIPS 140-2 Non-Proprietary Security Policy",
"pdf_file_size_bytes": 715603,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1537",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3042",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1536",
"http://csrc.nist.gov/groups/STM/cmvp/standards.html",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1531",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4623",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/ECDSA#1127",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1553",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/Component#1492",
"http://csrc.nist.gov/publications/PubsFIPS.html",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1552",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1535",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4622",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2455",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4594",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3059",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3060",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3043",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/Component#1493",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4645",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4588",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3788",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3770",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3044",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/Component#1263",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3771",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4647",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/ECDSA#1131",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/Component#1276",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1539",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1540",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2439",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4595",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3789",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4646",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3769",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/RSA#2505",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/HMAC#3045",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1538",
"https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/RSA#2519",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3768"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 22
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "bd5e06aa527dfb8bd0fbbfb1741ac5c7bdadfcdab320cef3f906c6d68aaabe96",
"policy_txt_hash": "9bad3ba075b6218e16ae64ab053a40066a5735ef37da700d152fbcc180740046"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 [1] operating in FIPS mode or with SUSE Linux Enterprise Server OpenSSL Module validated to FIPS 140-2 under Cert. #3038 [2] operating in FIPS mode.",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/FIPS140ConsolidatedCertNov2015.pdf",
"date_sunset": null,
"description": "SUSE server software that provides encrypted network communication using the SSH protocol.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical Security: N/A",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": null,
"historical_reason": "Moved to historical list due to sunsetting",
"hw_versions": null,
"level": 1,
"mentioned_certs": {
"2435": 1,
"3038": 1
},
"module_name": "SUSE Linux Enterprise Server 12 - OpenSSH Server Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": "1.0 [1] and 2.0 [2]",
"tested_conf": [
"SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with AES-NI[1]",
"SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without AES-NI[1]",
"SUSE Linux Enterprise Server 12 SP2 running on FUJITSU Server PRIMERGY CX2570 M2 inside a CX400 M1 enclosure with AES-NI[2]",
"SUSE Linux Enterprise Server 12 SP2 running on FUJITSU Server PRIMERGY CX2570 M2 inside a CX400 M1 enclosure without AES-NI[2]",
"SUSE Linux Enterprise Server 12 SP2 running on IBM z13[2] (single-user mode)"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2015-11-13",
"lab": "atsec information security corporation",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2018-01-02",
"lab": "atsec information security corporation",
"validation_type": "Update"
}
],
"vendor": "SUSE, LLC",
"vendor_url": "http://www.suse.com"
}
}