OpenSSL Secures New FIPS 140-2 Validation

John Weathersby, Open Source Software Institute
[email protected]

               OpenSSL Secures New FIPS 140-2 Validation

              Open Source Cryptographic Module Once Again 

              Available for Government Adoption and Usage

Hattiesburg, MS Wednesday, February 7, 2007 The Open Source Software Institute (OSSI) announced today the FIPS 140-2 validation of the
OpenSSL FIPS Object Module, a cryptographic library based on the widely used OpenSSL product. The official validation certificate (#733) is now
posted at the NIST FIPS 140-1 and 140-2 Cryptographic Modules Validation List (

The OpenSSL FIPS Object Module is freely available and can be downloaded immediately at
The OpenSSL FIPS Object Module Security Policy and User Guide are also available for download through the OSSI website (
and may be used and reproduced without restriction. 


Why this is important to government, IT and open source readers:

1) Information Assurance (IA) programs/modules, such as OpenSSL, must achieve government validation (FIPS & Common Criteria) before they can
be acquired or used within Dept of Defense systems.  (govt policy which regulates this is the National Security Telecommunications and
Information Systems Security Policy (NSTISSP) Number 11)

2) FIPS validation demonstrates validity, durability and security of the open source OpenSSL crypto secure as any comparable
"commercial version" validated module.  Strict scrutiny of the transparent, open source code caused some delays, but outcome resulted
in the most thoroughly viewed and tested module available.

3) Validation demonstrated the efficient nature of the open source development model. Updates and modification were made in hours, not days
or months.

4) Cost benefit to all government, industry and private developers and implementers who wish to adopt the open source OpenSSL Object module.
It is freely available, as it has already been paid for by DoD and industry sponsors.

5) All documentation (Security Guide and User Policy) is being made freely available for download or reuse without restriction.  Also, the
test vectors will be released so that others who wish to undertake a similar validation effort will have documentation and reference
materials.  This too, is viewed as part of the original package and paid for by DoD and other sponsoring entities.

For additional information, please contact:
John Weathersby, OSSI tel: 601.427.0152

John M. Weathersby, Jr.
Executive Director
Open Source Software Institute
National Center for Open Source
Policy and Research
tel: 601.427.0152

Ad maiorem dei gloriam (AMDG)
Audentes fortuna juvat
(fortune favors the bold)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top