Skip to main content

Comments

2 comments

  • Official comment
    Ian Butteriss
    Product Support

    Hi William, thank you for your query. There are several things that have to happen before we can get to that point.

    We would like to release a version of Cerberus that supports TLS 1.3. What is holding us back at this point is currently the OpenSSL 1.1.1 branch which is not FIPS 140-2 certified yet. 

    Once OpenSSL version 3.0 is released, we will then include support for TLS 1.3

    OpenSSL 3 has been submitted for 140-2 validation. Once this is approved, it will allow Cerberus to support TLS v1.3 with FIPS 140-2. There is no mention yet of 140-3 yet. Here is the submission announcement from OpenSSL.

     
    however, we expect once the above is done, the process will start to get validation of OpenSSH with FIPS-140-3.
     
    So, it's going to be a while before Cerberus is going to be able to support 140-3.
     
    Thank you!
    Ian Butteriss
    Cerberus Senior Application Support Engineer
  • Ian Butteriss
    Product Support

    William,

    We wanted to follow up on your question as we have some new information.

    In September 2022, OpenSSL announced that they plan to seek FIPS 140-3 validation for OpenSSL 3.1. You can see their announcement here. They note that validation probably won't be complete until 2024. Once that is done, Cerberus plans to use that version of OpenSSL shortly thereafter.

    Note that these things move slowly so this schedule could slip.

    We are happy to announce, however, that the next release of Cerberus, 12.11, will support TLS 1.3 and we expect to make that release available in the coming days/weeks.

    Thank you!
    Ian Butteriss
    Cerberus Senior Application Support Engineer
    0

Please sign in to leave a comment.