FIPS 140-3

William Villiard

• January 27, 2022 20:45

When will support for FIPS 140-3 be implemented? 

1

• Official comment

  

  Ian Butteriss

  Product Support

  • January 27, 2022 21:13

  Hi William, thank you for your query. There are several things that have to happen before we can get to that point.

  We would like to release a version of Cerberus that supports TLS 1.3. What is holding us back at this point is currently the OpenSSL 1.1.1 branch which is not FIPS 140-2 certified yet. 
  
  Once OpenSSL version 3.0 is released, we will then include support for TLS 1.3

  OpenSSL 3 has been submitted for 140-2 validation. Once this is approved, it will allow Cerberus to support TLS v1.3 with FIPS 140-2. There is no mention yet of 140-3 yet. Here is the submission announcement from OpenSSL.

  https://www.openssl.org/blog/blog/2021/09/22/OpenSSL3-fips-submission/

   

  however, we expect once the above is done, the process will start to get validation of OpenSSH with FIPS-140-3.

   

  So, it's going to be a while before Cerberus is going to be able to support 140-3.

   

  Thank you!

  Ian Butteriss

  Cerberus Senior Application Support Engineer
• 

  Ian Butteriss

  Product Support

  • October 17, 2022 18:12

  William,

  We wanted to follow up on your question as we have some new information.

  In September 2022, OpenSSL announced that they plan to seek FIPS 140-3 validation for OpenSSL 3.1. You can see their announcement here. They note that validation probably won't be complete until 2024. Once that is done, Cerberus plans to use that version of OpenSSL shortly thereafter.

  Note that these things move slowly so this schedule could slip.

  We are happy to announce, however, that the next release of Cerberus, 12.11, will support TLS 1.3 and we expect to make that release available in the coming days/weeks.

  Thank you!

  Ian Butteriss

  Cerberus Senior Application Support Engineer

  0

Please sign in to leave a comment.