Summary
The Federal Information Processing Standards 140-2 and 140-3 ensure that cryptographic tools implement their algorithms properly. You'll find a complete list of all FIPS 140-2 and FIPS 140-3 certificates at the NIST CMVP website. The Red Hat certificates are below.
A note on applicability: The exact platform and environment tested is specified in the Security Policy for each certificate, though generally applicable to other Red Hat products where the binary versions of modules are running unmodified as well. FIPS 140 certificates issued to Red Hat are not generally applicable to non-Red Hat products. Please see the Security Policy, available at the following links for specifics. Module binaries may be unchanged across Red Hat Enterprise Linux minor releases. In this case, Red Hat reports the same applicable module version and certificate for such releases.
| RHEL 9.5 | ||||
|---|---|---|---|---|
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
| OpenSSL | 3.0.7-395c1a240fbfffd8 | openssl-fips-provider-3.0.7-6.el9 (1) | Active | #4857 |
Notes: (1) this package contains the binary module originally certified in the openssl-3.0.7-18.el9_2 package, it has been repackaged for distribution purposes but it has not been modified | ||||
| RHEL 9.4 | ||||
|---|---|---|---|---|
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
| OpenSSL | 3.0.7-395c1a240fbfffd8 | openssl-fips-provider-3.0.7-2.el9 (1) | Active | #4857 |
| Libgcrypt | 1.10.0-8b6840b590cedd43 | libgcrypt-1.10.0-10.el9_2 (2) | Active | #4754 |
| Kernel Cryptographic API | TBD | TBD | Implementation Under Test | N/A |
| GnuTLS | TBD | gnutls-3.8.3-1.el9 | Implementation Under Test | N/A |
| NSS | TBD | nss-3.101.0-10.el9_2 | Implementation Under Test | N/A |
Notes: (1) this package contains the binary module originally certified in the openssl-3.0.7-18.el9_2 package, it has been repackaged for distribution purposes but it has not been modified (2) inherited from RHEL 9.0, this package has not been modified | ||||
| RHEL 9.2 | ||||
|---|---|---|---|---|
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
| OpenSSL | 3.0.7-395c1a240fbfffd8 | openssl-3.0.7-18.el9_2 | Active | #4857 |
Libgcrypt | 1.10.0-8b6840b590cedd43 | libgcrypt-1.10.0-10.el9_2 (1) | Active | |
Kernel Cryptographic API | kernel 5.14.0-284.57.1.el9_2, libkcapi 1.3.1-3.el9 | kernel-5.14.0-284.57.1.el9_2, libkcapi-1.3.1-3.el9, libkcapi-hmaccalc-1.3.1-3.el9 | N/A | |
GnuTLS | 3.7.6-074d015ce201f43 | gnutls-3.7.6-21.el9_2.1, nettle-3.8-3.el9_0.x86_64 | Active | |
NSS | 3.90.0-4408e3bb8a34af3a | nss-3.90.0-6.el9_2 | N/A | |
Notes: (1) inherited from RHEL 9.0, this package has not been modified | ||||
| RHEL 9.0 | ||||
|---|---|---|---|---|
| Tested on Red Hat Enterprise Linux 9 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216, IBM z16, and IBM Power10 | ||||
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
OpenSSL | 3.0.1-3f45e68ee408cd9c | openssl-3.0.1-46.el9_0.3 | Active | |
Libgcrypt | 1.10.0-8b6840b590cedd43 | libgcrypt-1.10.0-10.el9_0 | Active | |
Kernel Cryptographic API | kernel 5.14.0-70.53.1.el9_0, libkcapi 1.3.1-3.el9 | kernel-5.14.0-70.53.1.el9_0, libkcapi-1.3.1-3.el9, libkcapi-hmaccalc-1.3.1-3.el9 | Active | |
GnuTLS | 3.7.6-66803fa128d6a6e5 | gnutls-3.7.6-19.el9_0 | Active | |
NSS | 4.34.0-a20cd33fbbe14357 | nss-softokn-3.79.0-18.el9_0, nss-softokn-freebl-3.79.0-18.el9_0 | Active | |
| RHEL 8.10 | ||||
|---|---|---|---|---|
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
OpenSSL | rhel8.20231130 | openssl-1.1.1k-12.el8_9 (1) | Active | |
Kernel Cryptographic API | TBD | TBD | N/A | |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-7.el8_6 (2) | Active | |
| NSS | 3.101.0-36157fa50e4c0485 | nss-3.101.0-11.el8_8 | Review Pending | N/A |
| GnuTLS | TBD | gnutls-3.6.16-8.el8_9.3 | Scenario 3A revalidation - submitted | N/A |
Notes: (1) the same binary module as in RHEL 8.6, 8.8, 8.9 and 8.10, it has been repackaged for distribution purposes but it has not been modified (2) inherited from RHEL 8.6, this package has not been modified | ||||
| RHEL 8.9 | ||||
|---|---|---|---|---|
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
OpenSSL | rhel8.20231130 | openssl-1.1.1k-12.el8_9 (1) | Active | |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-7.el8_6 (2) | Active | |
Notes: (1) the same binary module as in RHEL 8.6, 8.8, 8.9 and 8.10, it has been repackaged for distribution purposes but it has not been modified (2) inherited from RHEL 8.6, this package has not been modified | ||||
| RHEL 8.8 | ||||
|---|---|---|---|---|
| Tested on Red Hat Enterprise Linux 8 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216, IBM z15, IBM POWER9 and IBM Power10 | ||||
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
OpenSSL | rhel8.20231130 | openssl-1.1.1k-12.el8_8 (1) | Active | |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-7.el8_6 (2) | Active | |
Kernel Cryptographic API | kernel 4.18.0-477.72.1.el8_8.x86_64, libkcapi-1.2.0-3.el8_8.x86_64 | kernel-4.18.0-477.72.1.el8_8, libkcapi-1.2.0-3.el8_8, and libkcapi-hmaccalc-1.2.0-3.el8_8 | N/A | |
NSS | 3.101.0-36157fa50e4c0485 | nss-3.101.0-11.el8_8 | N/A | |
GnuTLS | rhel8.20240328 | gnutls-3.6.16-7.el8_8.3 | Active | #4428 |
Notes: (1) the same binary module as in RHEL 8.6, 8.8, 8.9 and 8.10, it has been repackaged for distribution purposes but it has not been modified (2) inherited from RHEL 8.6, this package has not been modified | ||||
| RHEL 8.7 | ||||
|---|---|---|---|---|
| Tested on Red Hat Enterprise Linux 8 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216, IBM z15, IBM POWER9 and IBM Power10 | ||||
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-7.el8_6 (1) | Active | |
GnuTLS | rhel8.20220830 | gnutls-3.6.16-5.el8_6 | Replaced by rhel8.20240328 | N/A |
Notes: (1) inherited from RHEL 8.6, this package has not been modified | ||||
| RHEL 8.6 | ||||
|---|---|---|---|---|
| Tested on Red Hat Enterprise Linux 8 running on Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216, IBM z15, IBM POWER9 and IBM Power10 | ||||
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
OpenSSL | rhel8.20231130 | openssl-1.1.1k-12.el8_6 | Active | |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-7.el8_6 | Active | |
Kernel Cryptographic API | kernel 4.18.0-372.52.1.el8_6, libkcapi 1.2.0-2.el8 | kernel-4.18.0-372.52.1.el8_6, libkcapi-1.2.0-2.el8, libkcapi-hmaccalc-1.2.0-2.el8 | Active | |
GnuTLS | rhel8.20220830 | gnutls-3.6.16-4.el8_6 | Replaced by rhel8.20240328 | N/A |
NSS | rhel8.20211124 | nss-3.67.0-7.el8_5 | Active | |
| RHEL 8.5 | ||||
|---|---|---|---|---|
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
OpenSSL | rhel8.20220323 | openssl-1.1.1k-6.el8_5 | Active | |
Libgcrypt | rhel8.20210628 | libgcrypt-1.8.5-6.el8 | Updated | N/A |
Kernel Cryptographic API | rhel8.20211004 | kernel-4.18.0-348.el8 | Active | |
NSS | rhel8.20210708 | 3.67.0-6.el8_4 | Updated | N/A |
GnuTLS | rhel8.20210628 | gnutls-3.6.16-4.el8 | Updated | N/A |
| RHEL 8.4 | ||||
|---|---|---|---|---|
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
| OpenSSL | rhel8.20210325 | openssl-1.1.1g-15.el8_3 | Active | #4271 |
| Libgcrypt | rhel8.20200615 | libgcrypt-1.8.5-4.el8 | Active | #4397 |
| Kernel Cryptographic API | rhel8.20210614 | kernel-4.18.0-305.7.1.el8_4 | Active | #4384 |
| GnuTLS | rhel8.20210401 | gnutls-3.6.14-8.el8_3 | Active | #4272 |
| NSS | rhel8.20201215 | nss-3.53.1-17.el8_3 | Active | #4413 |
| RHEL 7.9 | ||||
|---|---|---|---|---|
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
Kernel Cryptographic API | rhel7.20210526 | kernel-3.10.0-1160.31.1.el7 | Active | |
| RHEL 7.8 | ||||
|---|---|---|---|---|
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
Kernel Cryptographic API | rhel7.20200812 | kernel-3.10.0-1127.19.1.el7 | Active | |
| RHEL 7.7 | ||||
|---|---|---|---|---|
| Cryptographic Module | Module Version | Associated Packages | Validation Status | Certificate |
OpenSSL | rhel7.20190409 | openssl-1.0.2k-19.el7 | Historical | |
Kernel Cryptographic API | rhel7.20200812 | kernel-3.10.0-1127.19.1.el7 | Active | |
GnuTLS | 7.0 | gnutls-3.3.29-9.el7_6.x86_64.rpm | Historical | |
NSS | rhel7.20190606 | nss-softokn-3.44.0-5.el7 | Active | |
OpenSSH Server | rhel7.20190626 | openssh-7.4p1-21.el7 | Historical | |
OpenSSH Client | rhel7.20190626 | openssh-7.4p1-21.el7 | Historical | |
Libreswan | rhel7.20190509 | libreswan-3.25-4.8.el7_6 | Historical | |
Products in Scope
- Red Hat Enterprise Linux
- 9.5
- 9.4
- 9.2
- 9.0
- 8.10
- 8.9
- 8.8
- 8.7
- 8.6
- 8.5
- 8.4
- 7.9
- 7.8
- 7.7
Additional Resources
Notes:
Red Hat plans to reuse FIPS 140-3 validated OpenSSL's FIPS Provider Cryptographic Module (based on the openssl-3.0.7-18.el9_2 package) in current and future releases of Red Hat Enterprise Linux 9.4 and newer, including upcoming Red Hat Enterprise Linux 10.0 (subject to Operating Environment updates). In case of changes (except CVEs and minor bugfixes), Red Hat will continue to distribute the existing validated module until the updated version is fully validated. The updated module in validation will be optionally available for installation for customers where the customer is comfortable running tested but not yet validated modules. Red Hat reserves right to change the plan if necessary (for example OpenSSL introducing incompatible changes).
Meta Data
Products
Regions
Industries
