Aruba OpenSSL Module

Certificate #4929

Webpage information ?

Status active
Validation dates 20.12.2024
Sunset date 19-12-2026
Standard FIPS 140-3
Security level 1
Type Firmware
Embodiment Multi-Chip Stand Alone
Caveat Interim validation. When operated in Approved mode.
Exceptions
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description The Aruba OpenSSL Module is an Hewlett Packard Enterprise cryptographic module that provides cryptographic services for the ArubaOS operating system running on the Hewlett Packard Enterprise hardware-based equipment or Hewlett Packard Enterprise virtual appliances.
Version (Firmware) 1.0
Tested configurations
  • ArubaOS 8.10 on VMWare ESXi 7.0 running on MCR-VA-50 Mobility Conductor Virtual Appliance on HPE Edgeline 20 with Intel Xeon Gold 6212U (Cascade Lake) without PAA
  • ArubaOS 8.10 on VMWare ESXi 7.0 running on MC-VA-50 Mobility Controller Virtual Appliance on HPE ProLiant ML110 Gen10 with Intel Xeon E3 1515 (Skylake) without PAA
  • ArubaOS 8.10 on VMWare ESXi 7.0 running on MC-VA-50 Mobility Controller Virtual Appliance on Pacstar PS451-1258 Series with Intel Xeon E-2254ML (CoffeeLake) without PAA
  • ArubaOS 8.10 running on 7020 Mobility Controller with Broadcom XLP208 (MIPS64) without PAA
  • ArubaOS 8.10 running on 7205 Mobility Controller with Broadcom XLP316 (MIPS64) without PAA
  • ArubaOS 8.10 running on 7220 Mobility Controller with Broadcom XLP432 (MIPS64) without PAA
  • ArubaOS 8.10 running on 7280 Mobility Controller with Broadcom XLP (MIPS64) without PAA
  • ArubaOS 8.10 running on 9012 Gateway with Intel Atom C3508 (Denverton) without PAA
  • ArubaOS 8.10 running on 9240 Gateway with Intel Xeon (Cascade Lake) with PAA
  • ArubaOS 8.10 running on 9240 Gateway with Intel Xeon (Cascade Lake) without PAA
  • ArubaOS 8.10 running on AP-505 Wireless Access Point with Broadcom BCM47622L (ARM-A7) without PAA
  • ArubaOS 8.10 running on AP-515 Wireless Access Point with Broadcom BCM (64-bit ARMv8) without PAA
  • ArubaOS 8.10 running on AP-535 Wireless Access Point with Qualcomm IPQ (64-bit ARM Cortex A53) without PAA
  • ArubaOS 8.10 running on AP-635 Wireless Access Point with Qualcomm IPQ (64-bit ARM Cortex A53) without PAA
  • ArubaOS 8.10 running on AP-655 Wireless Access Point with Qualcomm IPQ (64-bit ARM Cortex A53) without PAA
  • ArubaOS 8.10 running on MCR-HW-5K Mobility Conductor Hardware Appliance with Intel Xeon E5-2620v4 (Broadwell) with PAA
Vendor Hewlett Packard Enterprise
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-256, RC4, DES, Triple-DES, HMAC
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, DH, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-256, SHA-384, SHA-512, SHA2, SHA-3, MD5
Schemes
Key Exchange, Key Agreement, Key agreement
Protocols
SSH, TLS, TLS v1.2, TLS 1.2, IKE, IKEv1, IPsec, VPN
Randomness
DRBG
Libraries
OpenSSL
Elliptic Curves
P-256, P-384
Block cipher modes
ECB, CBC, CTR, CFB, GCM, CCM

Trusted Execution Environments
PSP
Vendor
Qualcomm, Broadcom

Security level
Level 1

Standards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 186-2, FIPS 180-4, SP 800-38A, SP 800-38C, SP 800-38D, SP 800-38F, SP 800-133, SP 800-135, SP 800-90A, SP 800-108, SP 800-56A, SP 800-56C, NIST SP 800-52, PKCS1, RFC 7627, RFC 2313, RFC7627, RFC 5288, ISO/IEC 24759, ISO/IEC 19790:2012, ISO/IEC 24759:2017

File metadata

Title HPE OpenSSL SP
Author McGlashan, Dave
Creation date D:20241216142804-05'00'
Modification date D:20241216142804-05'00'
Pages 36
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 23.12.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4929,
  "dgst": "d0f0593601de6483",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "ECDSA KeyVer (FIPS186-4)A2690",
        "AES-KWA2690",
        "KAS-FFC-SSC Sp800-56Ar3A2690",
        "AES-CFB128A2690",
        "RSA KeyGen (FIPS186-4)A2690",
        "RSA SigVer (FIPS186-2)A2690",
        "SHA-1A2690",
        "AES-CTRA2690",
        "AES-ECBA2690",
        "DSA PQGGen (FIPS186-4)A2690",
        "HMAC-SHA2-512A2690",
        "SHA2-512A2690",
        "KDF TLSA2690",
        "RSA SigVer (FIPS186-4)A2690",
        "AES-CCMA2690",
        "ECDSA KeyGen (FIPS186-4)A2690",
        "KDF SSHA2690",
        "KDF IKEv1A2690",
        "SHA2-384A2690",
        "HMAC-SHA2-256A2690",
        "SHA2-256A2690",
        "DSA KeyGen (FIPS186-4)A2690",
        "AES-CBCA2690",
        "Safe Primes Key VerificationA2690",
        "ECDSA SigVer (FIPS186-4)A2690",
        "ECDSA SigGen (FIPS186-4)A2690",
        "RSA SigGen (FIPS186-4)A2690",
        "Safe Primes Key GenerationA2690",
        "KDF SNMPA2690",
        "HMAC-SHA-1A2690",
        "KDA TwoStep Sp800-56Cr1A2690",
        "KDF SP800-108A2690",
        "HMAC-SHA2-384A2690",
        "AES-GCMA2690",
        "KAS-ECC-SSC Sp800-56Ar3A2690"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.0"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 7
          },
          "ECDSA": {
            "ECDSA": 20
          }
        },
        "FF": {
          "DH": {
            "DH": 14,
            "Diffie-Hellman": 17
          },
          "DSA": {
            "DSA": 3
          }
        },
        "RSA": {
          "RSA 2048": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 6
        },
        "CCM": {
          "CCM": 4
        },
        "CFB": {
          "CFB": 2
        },
        "CTR": {
          "CTR": 4
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 11
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 72
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 18,
          "IKEv1": 21
        },
        "IPsec": {
          "IPsec": 1
        },
        "SSH": {
          "SSH": 6
        },
        "TLS": {
          "TLS": {
            "TLS": 39,
            "TLS 1.2": 1,
            "TLS v1.2": 3
          }
        },
        "VPN": {
          "VPN": 1
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 1,
          "Key agreement": 2
        },
        "KEX": {
          "Key Exchange": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 26,
          "P-384": 24
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES CTR 256": 1,
          "AES-256": 6,
          "AES-CBC10": 1,
          "AES-GCM9": 1,
          "DRBG2": 1,
          "DRBG5": 1,
          "DSA6": 1,
          "HMAC- SHA1-96": 1,
          "HMAC-SHA-1": 32,
          "PAA 13": 1,
          "PAA 7": 1,
          "PKCS1": 6,
          "RSA 2048": 1,
          "SHA-1": 9,
          "SHA-17": 1,
          "SHA-18": 1,
          "SHA-256": 1,
          "SHA-3": 1,
          "SHA-384": 1,
          "SHA-512": 1,
          "SHA1-96": 1,
          "SHA2": 1,
          "SHA2-256": 13,
          "SHA2-384": 11,
          "SHA2-512": 8
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 47
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 2
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 9
          },
          "SHA2": {
            "SHA-256": 1,
            "SHA-384": 1,
            "SHA-512": 1,
            "SHA2": 1
          },
          "SHA3": {
            "SHA-3": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 42
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 55,
          "FIPS 180-4": 1,
          "FIPS 186-2": 1,
          "FIPS 186-4": 7,
          "FIPS 197": 2,
          "FIPS 198-1": 2
        },
        "ISO": {
          "ISO/IEC 19790:2012": 1,
          "ISO/IEC 24759": 2,
          "ISO/IEC 24759:2017": 1
        },
        "NIST": {
          "NIST SP 800-52": 1,
          "SP 800-108": 2,
          "SP 800-133": 2,
          "SP 800-135": 3,
          "SP 800-38A": 1,
          "SP 800-38C": 1,
          "SP 800-38D": 1,
          "SP 800-38F": 3,
          "SP 800-56A": 5,
          "SP 800-56C": 2,
          "SP 800-90A": 2
        },
        "PKCS": {
          "PKCS1": 3
        },
        "RFC": {
          "RFC 2313": 1,
          "RFC 5288": 2,
          "RFC 7627": 1,
          "RFC7627": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 28,
            "AES-256": 6
          },
          "RC": {
            "RC4": 1
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 3
          },
          "DES": {
            "DES": 1
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 10
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 5
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "Broadcom": {
          "Broadcom": 6
        },
        "Qualcomm": {
          "Qualcomm": 3
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "McGlashan, Dave",
      "/CreationDate": "D:20241216142804-05\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20241216142804-05\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Title": "HPE OpenSSL SP",
      "pdf_file_size_bytes": 812844,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://myenterpriselicense.hpe.com/cwp-ui/software",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program",
          "https://networkingsupport.hpe.com/end-of-life",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=35301",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/Details?validation=35301",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search",
          "https://networkingsupport.hpe.com/downloads;pageSize=100;fileTypes=DOCUMENT;products=Aruba%20Access%20Points,Aruba%20Mobility%20Gateways;softwareGroups=ArubaOS;softwareMajorVersions=8.10",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/7",
          "https://www.hpe.com/us/en/networking/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 36
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "5ae1c55c892de74cadda16e25f1d071b7cd0fa281765c0d155b4758c82186d90",
    "policy_txt_hash": "f0f9b17beb8df5f47bc17545692f47e5431aa98def8838655fd20a28a154bc90"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When operated in Approved mode.",
    "certificate_pdf_url": null,
    "date_sunset": "2026-12-19",
    "description": "The Aruba OpenSSL Module is an Hewlett Packard Enterprise cryptographic module that provides cryptographic services for the ArubaOS operating system running on the Hewlett Packard Enterprise hardware-based equipment or Hewlett Packard Enterprise virtual appliances.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": "1.0",
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Aruba OpenSSL Module",
    "module_type": "Firmware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": [
      "ArubaOS 8.10 on VMWare ESXi 7.0 running on MCR-VA-50 Mobility Conductor Virtual Appliance on HPE Edgeline 20 with Intel Xeon Gold 6212U (Cascade Lake) without PAA",
      "ArubaOS 8.10 on VMWare ESXi 7.0 running on MC-VA-50 Mobility Controller Virtual Appliance on HPE ProLiant ML110 Gen10 with Intel Xeon E3 1515 (Skylake) without PAA",
      "ArubaOS 8.10 on VMWare ESXi 7.0 running on MC-VA-50 Mobility Controller Virtual Appliance on Pacstar PS451-1258 Series with Intel Xeon E-2254ML (CoffeeLake) without PAA",
      "ArubaOS 8.10 running on 7020 Mobility Controller with Broadcom XLP208 (MIPS64) without PAA",
      "ArubaOS 8.10 running on 7205 Mobility Controller with Broadcom XLP316 (MIPS64) without PAA",
      "ArubaOS 8.10 running on 7220 Mobility Controller with Broadcom XLP432 (MIPS64) without PAA",
      "ArubaOS 8.10 running on 7280 Mobility Controller with Broadcom XLP (MIPS64) without PAA",
      "ArubaOS 8.10 running on 9012 Gateway with Intel Atom C3508 (Denverton) without PAA",
      "ArubaOS 8.10 running on 9240 Gateway with Intel Xeon (Cascade Lake) with PAA",
      "ArubaOS 8.10 running on 9240 Gateway with Intel Xeon (Cascade Lake) without PAA",
      "ArubaOS 8.10 running on AP-505 Wireless Access Point with Broadcom BCM47622L (ARM-A7) without PAA",
      "ArubaOS 8.10 running on AP-515 Wireless Access Point with Broadcom BCM (64-bit ARMv8) without PAA",
      "ArubaOS 8.10 running on AP-535 Wireless Access Point with Qualcomm IPQ (64-bit ARM Cortex A53) without PAA",
      "ArubaOS 8.10 running on AP-635 Wireless Access Point with Qualcomm IPQ (64-bit ARM Cortex A53) without PAA",
      "ArubaOS 8.10 running on AP-655 Wireless Access Point with Qualcomm IPQ (64-bit ARM Cortex A53) without PAA",
      "ArubaOS 8.10 running on MCR-HW-5K Mobility Conductor Hardware Appliance with Intel Xeon E5-2620v4 (Broadwell) with PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-12-20",
        "lab": "Lightship Security, Inc.",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Hewlett Packard Enterprise",
    "vendor_url": "http://www.hpe.com/us/en/networking/"
  }
}