Module Name
Amazon Linux 2 NSS Cryptographic Module
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode. When installed, initialized and configured as specified in Section 10.2 of the Security Policy.
Security Level Exceptions
- Roles, Services, and Authentication: Level 2
- Physical Security: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Amazon Linux 2 NSS Cryptographic Module is a set of libraries designed to support cross-platform development of security-enabled applications. These applications may support the TLS protocol, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards supporting FIPS 140-2 validated cryptographic algorithms.
Tested Configuration(s)
- Amazon Linux 2 running on Amazon EC2 c6g.metal with Graviton 2 with PAA
- Amazon Linux 2 running on Amazon EC2 c6g.metal with Graviton 2 without PAA (single-user mode)
- Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5 with PAA
- Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5 without PAA
Approved Algorithms
| AES |
Certs. #A3741, #A3742, #C803, #C804 |
| CKG |
vendor affirmed |
| CVL |
Certs. #A3741, #C803 |
| DRBG |
Certs. #A3741, #C803 |
| DSA |
Certs. #A3741, #C803 |
| ECDSA |
Certs. #A3741, #C803 |
| HMAC |
Certs. #A3741, #C803 |
| KTS |
AES Certs. #A3741, #A3742, #C803, #C804; key establishment methodology provides between 128 and 256 bits of encryption strength |
| RSA |
Certs. #A3741, #C803 |
| SHS |
Certs. #A3741, #C803 |
| Triple-DES |
Certs. #A3741, #C803 |
Allowed Algorithms
MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength)
