Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #3067

Details

Module Name
Red Hat Enterprise Linux OpenSSH Client Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
11/26/2022
Validation Dates
11/27/2017
6/15/2018
Overall Level
1
Caveat
When operated in FIPS Mode with module Red Hat Enterprise Linux OpenSSL Module validated to FIPS 140-2 under Cert. #3016 operating in FIPS mode
Security Level Exceptions
  • Physical Security: N/A
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 7. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode.
Tested Configuration(s)
  • Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 with PAA[1]
  • Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 without PAA [1] (single-user mode)
  • Red Hat Enterprise Linux 7.5 running on Dell PowerEdge R630 with PAA [2]
  • Red Hat Enterprise Linux 7.5 running on Dell PowerEdge R630 without PAA [2] (single-user mode)
FIPS Algorithms
AES Certs. #4644, #4664, #4666, #4667, #4695, #4696, #4697, #4698, #4699, #4700, #5203, #5204, #5205, #5207, #5208, #5209, #5210, #5211, #5212 and #5227
CVL Certs. #1298, #1312, #1318, #1320, #1361, #1687, #1689, #1693, #1700 and #1718
DRBG Certs. #1567, #1576, #1578, #1579, #1593, #1594, #1595, #1596, #1597, #1598, #1975, #1976, #1977, #1979, #1980, #1981, #1982, #1983, #1984 and #1993
ECDSA Certs. #1144, #1148, #1150, #1151, #1347, #1348, #1350 and #1353
HMAC Certs. #3076, #3088, #3090, #3091, #3107, #3108, #3109, #3110, #3111, #3112, #3445, #3446, #3447, #3449, #3450, #3451, #3452, #3453, #3454 and #3459
RSA Certs. #2535, #2544, #2546, #2547, #2786, #2787, #2789 and #2792
SHS Certs. #3807, #3821, #3823, #3824, #3842, #3843, #3844, #3845, #3846, #3847, #4193, #4194, #4195, #4197, #4198, #4199, #4200, #4201, #4202 and #4207
Triple-DES Certs. #2471, #2481, #2483, #2484, #2638, #2639, #2641 and #2642
Allowed Algorithms
Diffie-Hellman (CVL Certs. #1298, #1312, #1318, #1320, #1687, #1689, #1693 and #1700 with CVL Certs. #1361 and #1718, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1298, #1312, #1318, #1320, #1687, #1689, #1693 and #1700 with CVL Certs. #1361 and #1718, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG
Software Versions
5.0 [1], 6.0 [2]

Vendor

Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Jaroslav Reznik
fips140@redhat.com

Lab

ATSEC INFORMATION SECURITY CORP
NVLAP Code: 200658-0