Will be FIPS module for openssl 3.x ever NIST certified for mobile? #23096
Replies: 2 comments 1 reply
-
|
Unfortunately there are currently no such plans. That does not mean we aren't going to do that eventually but as these platforms are not primary platforms it is currently not a priority. However it is very unlikely that the FIPS 140-2 validation will ever cover these platforms, it would be much more likely for the FIPS 140-3 validation to eventually cover them. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the clarification. |
Beta Was this translation helpful? Give feedback.
-
|
Not sure what the official policy is, but I would imagine adding too many additional platforms to future FIPS validations (like 1.0.2 became) is probably a bad idea in terms of resourcing. @arapov? |
Beta Was this translation helpful? Give feedback.
-
I see that FIPS module with OpenSsl 3.0.8 was relatively recently certified with NIST (https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282) but it does not seem to be certified for any mobile platform, only desktops are listed.
Previous (now expired) NIST certification for 1.0.2 (2.x) FIPS module did cover mobile platforms. Does openssl.org have any plans to extend that certifications to mobile platforms (Android, iOS)?
Beta Was this translation helpful? Give feedback.
All reactions