Managing Encryption and Certificates in Oracle® Solaris 11.2

Exit Print View

Updated: September 2014

Cryptographic Framework and FIPS 140

FIPS 140 is a U.S. Government computer security standard for cryptography modules. Oracle Solaris systems offer two providers of cryptographic algorithms that are approved for FIPS 140-2 Level 1.

    Those providers are:

  • The Cryptographic Framework of Oracle Solaris provides two FIPS 140-approved modules. The userland module supplies cryptography for applications that run in user space. The kernel module provides cryptography for kernel-level processes.

  • The OpenSSL object module provides FIPS 140-approved cryptography for SSH and web applications.

    Note the following key considerations:

  • Because FIPS 140-2 provider modules are CPU intensive, they are not enabled by default. As the system administrator, you are responsible for enabling the providers in FIPS 140 mode and configuring applications that use the FIPS-approved algorithms.

  • If you have a strict requirement to use only FIPS 140-2 validated cryptography, you must be running the Oracle Solaris11.1 SRU5.5 release or the Oracle Solaris11.1 SRU3 release. Oracle completed a FIPS 140-2 validation against the Solaris Cryptographic Framework in these two specific releases. Oracle Solaris11.2 builds on this validated foundation and includes software improvements that address performance, functionality, and reliability. Whenever possible, you should configure Oracle Solaris11.2 in FIPS 140-2 mode to take advantage of these improvements.

    For information, see Using a FIPS 140 Enabled System in Oracle Solaris 11.2 . This article covers the following topics:

  • Overview of FIPS 140-2 Level 1 cryptography in Oracle Solaris

  • Enabling FIPS 140 providers

  • Enabling FIPS 140 consumers

  • Example of enabling two applications in FIPS 140 mode

  • FIPS 140-approved algorithms and certificate references

The following additional information is available: