Module Name
Red Hat Enterprise Linux OpenSSH Client Cryptographic Module
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS Mode with module Red Hat Enterprise Linux OpenSSL Module validated to FIPS 140-2 under Cert. #3016 operating in FIPS mode
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 7. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode.
Tested Configuration(s)
- Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 with PAA[1]
- Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 without PAA [1] (single-user mode)
- Red Hat Enterprise Linux 7.5 running on Dell PowerEdge R630 with PAA [2]
- Red Hat Enterprise Linux 7.5 running on Dell PowerEdge R630 without PAA [2] (single-user mode)
Approved Algorithms
AES |
Certs. #4644, #4664, #4666, #4667, #4695, #4696, #4697, #4698, #4699, #4700, #5203, #5204, #5205, #5207, #5208, #5209, #5210, #5211, #5212 and #5227 |
CVL |
Certs. #1298, #1312, #1318, #1320, #1361, #1687, #1689, #1693, #1700 and #1718 |
DRBG |
Certs. #1567, #1576, #1578, #1579, #1593, #1594, #1595, #1596, #1597, #1598, #1975, #1976, #1977, #1979, #1980, #1981, #1982, #1983, #1984 and #1993 |
ECDSA |
Certs. #1144, #1148, #1150, #1151, #1347, #1348, #1350 and #1353 |
HMAC |
Certs. #3076, #3088, #3090, #3091, #3107, #3108, #3109, #3110, #3111, #3112, #3445, #3446, #3447, #3449, #3450, #3451, #3452, #3453, #3454 and #3459 |
RSA |
Certs. #2535, #2544, #2546, #2547, #2786, #2787, #2789 and #2792 |
SHS |
Certs. #3807, #3821, #3823, #3824, #3842, #3843, #3844, #3845, #3846, #3847, #4193, #4194, #4195, #4197, #4198, #4199, #4200, #4201, #4202 and #4207 |
Triple-DES |
Certs. #2471, #2481, #2483, #2484, #2638, #2639, #2641 and #2642 |
Allowed Algorithms
Diffie-Hellman (CVL Certs. #1298, #1312, #1318, #1320, #1687, #1689, #1693 and #1700 with CVL Certs. #1361 and #1718, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1298, #1312, #1318, #1320, #1687, #1689, #1693 and #1700 with CVL Certs. #1361 and #1718, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG
Software Versions
5.0 [1], 6.0 [2]