Module Name
SSL Visibility Appliance
Historical Reason
186-2 transition
Caveat
When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy
Security Level Exceptions
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic.
Approved Algorithms
AES |
Certs. #3195, #3496 and #4106 |
CVL |
Certs. #429, #562 and #919 |
DRBG |
Certs. #669, #866 and #1233 |
ECDSA |
Certs. #584, #711 and #931 |
HMAC |
Certs. #2013, #2230 and #2682 |
PBKDF |
vendor affirmed |
RSA |
Certs. #1238, #1625, #1794 and #2222 |
SHS |
Certs. #2052, #2642, #2885 and #3378 |
Triple-DES |
Certs. #1821, #1968 and #2244 |
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camelia; ChaCha20-Poly1305; DES; HMAC-MD5; MD5; RC4
Hardware Versions
SV3800 [1], SV3800B [2] and SV3800B-20 [3]; 090-03064 [1], 080-03563 [1], 080-03679 [1], 090-03550 [2], 080-03782 [2], 080-03787 [2], 090-03551 [3], 080-03783 [3], and 080-03788 [3] with FIPS Kit: FIPS-LABELS-SV
Firmware Versions
3.8.2F build 227, 3.8.4FC, 3.10 build 40