This page was not yet optimized for use on mobile
devices.
Red Hat Enterprise Linux 6.6 NSS Module
Known vulnerabilities detected
Our automated heuristics have identified vulnerabilities that may be associated with this certificate. See the CVEs section for details.Certificate #2564
Webpage information
| Status | historical |
|---|---|
| Historical reason | SP 800-131A transition which disallows key wrapping not compliant to SP 800-38F. |
| Validation dates | 17.02.2016 , 16.08.2018 |
| Standard | FIPS 140-2 |
| Security level | 2 |
| Type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Caveat | When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy |
| Exceptions |
|
| Description | Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/ |
| Tested configurations |
|
| Vendor | Red Hat®, Inc. |
| References | This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates. |
Security policy
Symmetric Algorithms
AES, RC2, RC4, DES, Triple-DES, TDES, TDEA, Camellia, SEED, HMAC, CMACAsymmetric Algorithms
RSA 2048, ECDSA, Diffie-Hellman, DSAHash functions
SHA-1, SHA-256, SHA-224, SHA-384, MD5Schemes
MAC, Key exchange, Key agreementProtocols
SSH, TLSv1.0, TLSv1.1, TLSv1.2, TLS, TLS v1.0Randomness
PRNG, DRBG, RNGLibraries
OpenSSL, NSSElliptic Curves
P-256, P-384, P-521Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCMSecurity level
Level 2Side-channel analysis
Timing attacks, Timing attack, timing attacks, Timing AttacksStandards
FIPS 140-2, FIPS 186-4, FIPS 197, FIPS 180-4, FIPS 198-1, SP 800-90A, SP 800-57, NIST SP 800-90, NIST SP 800-67, NIST SP 800-38B, NIST SP 800-38C, NIST SP 800-38D, NIST SP 800-38E, NIST SP 800-56A, NIST SP 800-90A, PKCS #11, PKCS #1, RFC 5288File metadata
| Title | FIPS 140-2 Security Policy |
|---|---|
| Subject | Red Hat Enterprise Linux 6.6 NSS Module |
| Author | Alejandro Fabio Masino |
| Creation date | D:20180816104956-05'00' |
| Pages | 36 |
| Creator | Writer |
| Producer | LibreOffice 5.3 |
References
Incoming- 2582 - historical - Red Hat Enterprise Linux 6.6 Kernel Crypto API Cryptographic Module
Heuristics
Automated inference - use with caution
All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.Related CVEs
| ID | Links | Severity | CVSS Score | Published on |
|---|---|---|---|---|
| Base score | ||||
| CVE-2016-7091 | MEDIUM | 4.4 | 22.12.2016 | |
| CVE-2017-1000253 | HIGH | 7.8 | 05.10.2017 | |
| CVE-2018-1111 | HIGH | 7.5 | 17.05.2018 |
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 2564,
"dgst": "d0c9e369bee256f4",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"AES#3084",
"DRBG#605",
"Triple-DES#1777",
"HMAC#1934",
"SHS#2550",
"ECDSA#556",
"AES#3085",
"AES#3079",
"DRBG#604",
"CVL#369",
"AES#3083",
"AES#3087",
"RSA#1578",
"AES#3082",
"Triple-DES#1776",
"SHS#2552",
"Triple-DES#1778",
"Triple-DES#1779",
"HMAC#1936",
"HMAC#1935",
"DSA#894",
"ECDSA#555",
"DSA#893",
"DRBG#603",
"AES#3081",
"RSA#1580",
"AES#3077",
"RSA#1577",
"SHS#2551",
"AES#3086",
"RSA#1579",
"HMAC#1933",
"CVL#368",
"ECDSA#554",
"DRBG#606",
"AES#3076",
"AES#3078",
"SHS#2549",
"ECDSA#557",
"CVL#370",
"DSA#895",
"DSA#892",
"AES#3080",
"CVL#371"
]
},
"cpe_matches": {
"_type": "Set",
"elements": [
"cpe:2.3:o:redhat:enterprise_linux:6.6:*:*:*:*:*:*:*"
]
},
"direct_transitive_cves": {
"_type": "Set",
"elements": [
"CVE-2017-1000253",
"CVE-2018-1111",
"CVE-2016-7091"
]
},
"extracted_versions": {
"_type": "Set",
"elements": [
"6.6"
]
},
"indirect_transitive_cves": {
"_type": "Set",
"elements": [
"CVE-2017-1000253",
"CVE-2018-1111",
"CVE-2016-7091"
]
},
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"2582"
]
},
"directly_referencing": null,
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"2582"
]
},
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": {
"_type": "Set",
"elements": [
"2582"
]
},
"directly_referencing": null,
"indirectly_referenced_by": {
"_type": "Set",
"elements": [
"2582"
]
},
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": {
"_type": "Set",
"elements": [
"CVE-2017-1000253",
"CVE-2018-1111",
"CVE-2016-7091"
]
},
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDSA": {
"ECDSA": 25
}
},
"FF": {
"DH": {
"Diffie-Hellman": 14
},
"DSA": {
"DSA": 50
}
},
"RSA": {
"RSA 2048": 1
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 3
},
"CCM": {
"CCM": 2
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 1
},
"ECB": {
"ECB": 3
},
"GCM": {
"GCM": 8
},
"OFB": {
"OFB": 1
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"NSS": {
"NSS": 84
},
"OpenSSL": {
"OpenSSL": 3
}
},
"crypto_protocol": {
"SSH": {
"SSH": 1
},
"TLS": {
"TLS": {
"TLS": 11,
"TLS v1.0": 1,
"TLSv1.0": 1,
"TLSv1.1": 1,
"TLSv1.2": 1
}
}
},
"crypto_scheme": {
"KA": {
"Key agreement": 3
},
"KEX": {
"Key exchange": 1
},
"MAC": {
"MAC": 1
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 6,
"P-384": 6,
"P-521": 6
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 2,
"#11": 13
}
},
"fips_certlike": {
"Certlike": {
"DSA 2048": 1,
"DSA2": 2,
"HMAC-SHA-1": 4,
"HMAC-SHA256": 2,
"HMAC-SHA512": 2,
"PKCS #1": 4,
"PKCS #11": 24,
"RSA 2048": 1,
"RSA2": 2,
"SHA-1": 2,
"SHA-256": 5,
"SHA-512": 1
}
},
"fips_security_level": {
"Level": {
"Level 2": 2
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 6
}
},
"SHA": {
"SHA1": {
"SHA-1": 2
},
"SHA2": {
"SHA-224": 1,
"SHA-256": 4,
"SHA-384": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 16,
"PRNG": 1
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {
"SCA": {
"Timing Attacks": 2,
"Timing attack": 1,
"Timing attacks": 1,
"timing attacks": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140-2": 53,
"FIPS 180-4": 1,
"FIPS 186-4": 5,
"FIPS 197": 1,
"FIPS 198-1": 1
},
"NIST": {
"NIST SP 800-38B": 1,
"NIST SP 800-38C": 1,
"NIST SP 800-38D": 1,
"NIST SP 800-38E": 1,
"NIST SP 800-56A": 1,
"NIST SP 800-67": 1,
"NIST SP 800-90": 1,
"NIST SP 800-90A": 1,
"SP 800-57": 1,
"SP 800-90A": 3
},
"PKCS": {
"PKCS #1": 2,
"PKCS #11": 12
},
"RFC": {
"RFC 5288": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 22
},
"RC": {
"RC2": 12,
"RC4": 2
}
},
"DES": {
"3DES": {
"TDEA": 1,
"TDES": 1,
"Triple-DES": 16
},
"DES": {
"DES": 14
}
},
"constructions": {
"MAC": {
"CMAC": 1,
"HMAC": 15
}
},
"miscellaneous": {
"Camellia": {
"Camellia": 10
},
"SEED": {
"SEED": 12
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Alejandro Fabio Masino",
"/CreationDate": "D:20180816104956-05\u002700\u0027",
"/Creator": "Writer",
"/Producer": "LibreOffice 5.3",
"/Subject": "Red Hat Enterprise Linux 6.6 NSS Module",
"/Title": "FIPS 140-2 Security Policy",
"pdf_file_size_bytes": 308184,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Betriebssysteme/0754.html",
"http://webstore.ansi.org/FindStandards.aspx?Action=displaydept\u0026DeptID=80\u0026Acro=X9\u0026DpName=X9,%20Inc.",
"http://csrc.nist.gov/publications/PubsFIPS.html",
"http://csrc.nist.gov/groups/STM/cmvp/standards.html",
"https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Betriebssysteme/0924.html",
"http://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.52%3A1998"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 36
}
},
"state": {
"_type": "sec_certs.sample.fips.InternalState",
"module": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"json_hash": null,
"source_hash": null,
"txt_hash": null
},
"policy": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"json_hash": null,
"source_hash": "543677c58ea9db22a496407a9010a041f71dc9bf0f3a53444404fc6df8d22bd8",
"txt_hash": "d7c9d0ba79e521f6a3785ce20cd18525906b4b3bcd9012a5cc3bc9ef70a592a9"
}
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/FIPS140ConsolidatedCertFeb2016.pdf",
"date_sunset": null,
"description": "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical Security: N/A"
],
"fw_versions": null,
"historical_reason": "SP 800-131A transition which disallows key wrapping not compliant to SP 800-38F.",
"hw_versions": null,
"level": 2,
"mentioned_certs": {},
"module_name": "Red Hat Enterprise Linux 6.6 NSS Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": "3.14.3-22",
"tested_conf": [
"Red Hat Enterprise Linux 6.6 running on ProLiant DL380p Gen8 with AES-NI",
"Red Hat Enterprise Linux 6.6 running on ProLiant DL380p Gen8 without AES-NI",
"Red Hat Enterprise Linux 6.6 running on System x3500 M4 with AES-NI",
"Red Hat Enterprise Linux 6.6 running on System x3500 M4 without AES-NI (single-user mode)"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2016-02-17",
"lab": "atsec information security corporation",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2018-08-16",
"lab": "atsec information security corporation",
"validation_type": "Update"
}
],
"vendor": "Red Hat\u00ae, Inc.",
"vendor_url": "http://www.redhat.com"
}
}