OpenSSL 3.1 FIPS Module Has Been Submitted for Validation

On 2023-12-29 we submitted our FIPS 140-3 validation report to NIST's Cryptographic Module Validation Program.
This in no way impacts our existing FIPS 140-2 certificate, which remains valid and will be maintained until its sunset date in September 2026.
You can see the official listing for the submission in the modules in progress list.
It is likely to be months until a reviewer is assigned.
Once the certificate is issued, premium support customers will be able to take advantage of our no-cost rebrand offer for this certificate in addition to the 3.0 certificate.
It isn't possible to provide a timeframe in which we can be certain the CMVP review process will be complete.


This Cyber News was published on www.openssl.org. Publication date: Thu, 04 Jan 2024 10:13:05 +0000

