Cryptographic Module Validation Program

Cryptographic Module Validation Program CMVP

Certificate #861

Historical - The referenced cryptographic module should not be included by Federal Agencies in new procurements. Agencies may make a risk determination on whether to continue using this module based on their own assessment of where and how it is used.

Details

Module Name

Oracle Cryptographic Libraries for SSL

Standard

FIPS 140-2

Status

Historical

Historical Reason

RNG SP800-131A Revision 1 Transition

Overall Level

Caveat

When operated in FIPS mode

Module Type

Software

Embodiment

Multi-chip standalone

Description

The Oracle Cryptographic Libraries for SSL 10g (10.1.5) is a generic module used by the Oracle Corporation in a variety of its application suites. The module is used to provide support to cryptography, authentication, PKCS and certificate management for applications like the Oracle database server (Server and Client), Oracle Applications Server, Oracle Internet Directory, Web Cache and Apache. It provides a rich set of functionality and uses PKCS wallet structures for managing identities and trustpoints.

Tested Configuration(s)

Sun Solaris 8.0 with Admin Suite 3.0.1 on Sun Ultra 60 Server

Approved Algorithms

AES	Cert. #608
HMAC	Cert. #314
RNG	Cert. #347
RSA	Cert. #281
SHS	Cert. #657
Triple-DES	Cert. #573

Other Algorithms

RC4; RSA-MD5 (PKCS#1); HMAC-MD5; RSA (PKCS#5); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Software Versions

10g (10.1.0.5)

Vendor

Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Shaun Lee
shaun.lee@oracle.com
Phone: +44 1189 243860

Related Files

Security Policy
Certificate

Validation History

Date	Type	Lab
12/18/2007	Initial	LogicaCMG