This page was not yet optimized for use on mobile devices.
Red Hat Enterprise Linux 9 NSS Cryptographic Module
Certificate #4774
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-, CAST, RC2, RC4, DES, Triple-DES, ChaCha20, Camellia, SEED, HMAC, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, CMAC, CBC-MACAsymmetric Algorithms
ECDH, ECDSA, ECC, Diffie-Hellman, DH, DSAHash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5, PBKDF2Schemes
MAC, Key Exchange, Key AgreementProtocols
SSL, TLS, TLS 1.2, TLSv1.0, TLS 1.3, IKEv2, IKEv1, IKERandomness
DRBG, RNGLibraries
NSSElliptic Curves
P-256, P-384, P-521, P-192Block cipher modes
ECB, CBC, CTR, GCMTrusted Execution Environments
PSP, SSCSecurity level
Level 1, level 1Side-channel analysis
Timing attacks, Timing attack, timing attacksStandards
FIPS 140-3, FIPS PUB 140-3, FIPS 180-4, FIPS 197, FIPS 198-1, FIPS 186-4, FIPS 186-2, SP 800-132, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-38B, SP 800-90B, SP 800-140B, PKCS#5, PKCS#7, PKCS#11, PKCS#12, PKCS#1, RFC 3526, RFC 7919, RFC 5288, RFC8446, RFC 8446, ISO/IEC 24759, X.509File metadata
| Title | FIPS 140-3 Non-Proprietary Security Policy |
|---|---|
| Author | David Cornwell |
| Creation date | D:20240820152453-05'00' |
| Pages | 39 |
| Creator | Writer |
| Producer | LibreOffice 7.3 |
References
Outgoing- 47 - historical - Netscape Security Module 1.01
Heuristics ?
No heuristics are available for this certificate.
References ?
Updates ?
-
09.09.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4774,
"dgst": "e5b82b15c2c265c2",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"AES-CBCA3470",
"AES-KWA3469",
"PBKDFA3463",
"HMAC-SHA2-512A3463",
"KDF IKEv2A3467",
"Hash DRBGA3463",
"AES-GCMA4482",
"RSA SigVer (FIPS186-2)A3463",
"AES-CBC-CS1A3468",
"AES-KWPA3469",
"HMAC-SHA2-224A3463",
"KAS-ECC-SSC Sp800-56Ar3A3463",
"RSA KeyGen (FIPS186-4)A3463",
"ECDSA KeyGen (FIPS186-4)A3463",
"RSA SigGen (FIPS186-4)A3463",
"Safe Primes Key GenerationA3463",
"SHA2-384A3463",
"KDF TLSA3463",
"TLS v1.2 KDF RFC7627A3463",
"AES-ECBA3470",
"HMAC-SHA2-256A3463",
"KDA HKDF Sp800-56Cr1A3462",
"SHA2-256A3463",
"AES-CMACA3465",
"SHA2-224A3463",
"SHA2-512A3463",
"RSA SigVer (FIPS186-4)A3463",
"ECDSA SigVer (FIPS186-4)A3463",
"HMAC-SHA2-384A3463",
"ECDSA SigGen (FIPS186-4)A3463",
"KDF SP800-108A3466",
"KAS-FFC-SSC Sp800-56Ar3A3463",
"AES-CTRA3470",
"DSA SigVer (FIPS186-4)A3463"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"9"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"47"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"47"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"47"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 2
},
"ECDH": {
"ECDH": 4
},
"ECDSA": {
"ECDSA": 18
}
},
"FF": {
"DH": {
"DH": 20,
"Diffie-Hellman": 12
},
"DSA": {
"DSA": 23
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CTR": {
"CTR": 2
},
"ECB": {
"ECB": 3
},
"GCM": {
"GCM": 19
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"NSS": {
"NSS": 44
}
},
"crypto_protocol": {
"IKE": {
"IKE": 5,
"IKEv1": 2,
"IKEv2": 21
},
"TLS": {
"SSL": {
"SSL": 3
},
"TLS": {
"TLS": 32,
"TLS 1.2": 14,
"TLS 1.3": 2,
"TLSv1.0": 1
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1
},
"KEX": {
"Key Exchange": 3
},
"MAC": {
"MAC": 10
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-192": 14,
"P-256": 14,
"P-384": 10,
"P-521": 10
}
},
"eval_facility": {
"atsec": {
"atsec": 45
}
},
"fips_cert_id": {
"Cert": {
"#2": 4,
"#47": 1
}
},
"fips_certlike": {
"Certlike": {
"AES CBC 128, 192": 1,
"AES CMAC 128": 1,
"AES GCM 128": 1,
"HMAC SHA-1": 2,
"HMAC SHA-256": 1,
"HMAC-SHA-224": 4,
"HMAC-SHA-256": 4,
"HMAC-SHA-384": 4,
"HMAC-SHA-512": 4,
"PKCS#1": 16,
"PKCS#11": 8,
"PKCS#12": 8,
"PKCS#5": 8,
"PKCS#7": 4,
"RSA PKCS#1": 2,
"SHA- 224": 1,
"SHA- 384": 1,
"SHA- 512": 5,
"SHA-1": 14,
"SHA-224": 13,
"SHA-256": 34,
"SHA-384": 17,
"SHA-512": 13
}
},
"fips_security_level": {
"Level": {
"Level 1": 2,
"level 1": 1
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 15
}
},
"PBKDF": {
"PBKDF2": 18
},
"SHA": {
"SHA1": {
"SHA-1": 14
},
"SHA2": {
"SHA-224": 13,
"SHA-256": 34,
"SHA-384": 17,
"SHA-512": 13
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 20
},
"RNG": {
"RNG": 2
}
},
"side_channel_analysis": {
"SCA": {
"Timing attack": 1,
"Timing attacks": 1,
"timing attacks": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140-3": 51,
"FIPS 180-4": 2,
"FIPS 186-2": 2,
"FIPS 186-4": 16,
"FIPS 197": 7,
"FIPS 198-1": 2,
"FIPS PUB 140-3": 2
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-132": 8,
"SP 800-140B": 1,
"SP 800-38A": 5,
"SP 800-38B": 2,
"SP 800-38D": 3,
"SP 800-38F": 2,
"SP 800-90B": 1
},
"PKCS": {
"PKCS#1": 9,
"PKCS#11": 4,
"PKCS#12": 4,
"PKCS#5": 4,
"PKCS#7": 2
},
"RFC": {
"RFC 3526": 3,
"RFC 5288": 2,
"RFC 7919": 3,
"RFC 8446": 1,
"RFC8446": 2
},
"X509": {
"X.509": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 51,
"AES-": 1
},
"CAST": {
"CAST": 4
},
"RC": {
"RC2": 4,
"RC4": 4
}
},
"DES": {
"3DES": {
"Triple-DES": 4
},
"DES": {
"DES": 7
}
},
"constructions": {
"MAC": {
"CBC-MAC": 2,
"CMAC": 7,
"HMAC": 17,
"HMAC-SHA-224": 2,
"HMAC-SHA-256": 2,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 2
}
},
"djb": {
"ChaCha": {
"ChaCha20": 3
}
},
"miscellaneous": {
"Camellia": {
"Camellia": 5
},
"SEED": {
"SEED": 5
}
}
},
"tee_name": {
"AMD": {
"PSP": 4
},
"IBM": {
"SSC": 3
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "David Cornwell",
"/CreationDate": "D:20240820152453-05\u002700\u0027",
"/Creator": "Writer",
"/Producer": "LibreOffice 7.3",
"/Title": "FIPS 140-3 Non-Proprietary Security Policy",
"pdf_file_size_bytes": 354923,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.ietf.org/rfc/rfc3526.txt",
"https://www.ietf.org/rfc/rfc2898.txt",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf",
"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening#proc_installing-the-system-with-fips-mode-enabled_assembly_installing-the-system-in-fips-mode",
"https://www.ietf.org/rfc/rfc5288.txt",
"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#switching-the-system-to-fips-mode_using-the-system-wide-cryptographic-policies",
"https://www.ietf.org/rfc/rfc7919.txt",
"https://www.ietf.org/rfc/rfc3447.txt",
"https://www.ietf.org/rfc/rfc2315.txt",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf",
"https://www.ietf.org/rfc/rfc7292.txt",
"https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
"https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/entropy/E47_PublicUse.pdf",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
"https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf",
"https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
"http://www.atsec.com/",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
"https://www.ietf.org/rfc/rfc8446.txt",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 39
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "99ae0a6f65f68e5e9b01f682a57c9559266fba5c2ba196402d04cb2d79921931",
"policy_txt_hash": "3b868591aae2b9479537c555018d6362fb1a7b5d681f1d4bf8b9b5966b7f8039"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation. When operated in approved mode and installed, initialized and configured as specified in section 11 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy.",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
"date_sunset": "2026-08-20",
"description": "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Red Hat Enterprise Linux 9 NSS Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "4.34.0-a20cd33fbbe14357",
"tested_conf": [
"Red Hat Enterprise Linux 9 on IBM 9080 HEX with IBM POWER10 with PAA",
"Red Hat Enterprise Linux 9 on IBM 9080 HEX with IBM POWER10 without PAA",
"Red Hat Enterprise Linux 9 on IBM z16 3931-A01 with IBM z16 with PAI",
"Red Hat Enterprise Linux 9 on IBM z16 3931-A01 with IBM z16 without PAI",
"Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel(R) Xeon(R) Silver 4216 with PAA",
"Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with Intel(R) Xeon(R) Silver 4216 without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-08-21",
"lab": "ATSEC INFORMATION SECURITY CORP",
"validation_type": "Initial"
}
],
"vendor": "Red Hat(R), Inc.",
"vendor_url": "http://www.redhat.com"
}
}