Using a FIPS 140-2 Enabled System in Oracle® Solaris 11.4

Updated: May 2019

Introduction to FIPS 140-2 Level 1 Cryptography in Oracle Solaris

FIPS 140-2, a U.S. Federal Information Processing Standard, is a requirement for many regulated industries and U.S. government agencies that process sensitive but unclassified information. The aim of FIPS 140-2 is to provide a degree of assurance that the system has implemented the cryptography correctly. Providing FIPS 140-2 Level 1 cryptography on a computer system is called "running in FIPS 140-2 mode".

In August 2016, the U.S. National Institute of Standards and Technology (NIST) issued two certificates that validate the Cryptographic Framework feature of Oracle Solaris to the FIPS 140-2 Level 1 standard. The Oracle Solaris certificates are numbered 2698 and 2699. The Oracle Solaris 11.4 release in FIPS 140-2 mode uses the same algorithms.

New Feature – Oracle Solaris 11.4 ships with FIPS 140-2 capable OpenSSL libraries that statically link to the Oracle OpenSSL FIPS Object Module (FOM) 1.0. For more information, see "About OpenSSL in FIPS 140-2 Mode in Oracle Solaris".

Applications and FIPS 140-2

A system that is running in FIPS 140-2 mode has enabled at least one provider of FIPS 140-2 cryptography. Some applications (consumers) call FIPS 140-2 cryptography automatically, for example, the passwd command. Some applications call FIPS 140-2 cryptography providers dynamically, for example, Secure Shell. Other applications run in FIPS 140-2 mode when their provider is enabled and the administrator has configured the application to use FIPS 140-2 cryptography only, for example, Kerberos, IPsec, and the Apache HTTP Server.