About OpenSSL in FIPS 140-2 Mode in Oracle Solaris
Oracle Solaris 11.4 has FIPS 140-2 capable OpenSSL libraries that link to the Oracle OpenSSL FIPS Object Module.
For more information about the Oracle OpenSSL 3 FIPS certification, see https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4506.
When running in FIPS 140-2 mode, OpenSSL enforces the use of FIPS 140-2 validated algorithms. Therefore, applications that use OpenSSL in FIPS 140-2 mode cannot access algorithms that are not FIPS 140-2 validated.
For more information and examples, see the following:
- OpenSSL and Oracle Solaris in Managing Encryption and Certificates in Oracle Solaris 11.4
- FIPS 140-2 Approved Algorithms for OpenSSH in Managing Secure Shell Access in Oracle Solaris 11.4
- openssl(7) man page
For OpenSSL 3, starting with the Oracle Solaris 11.4 SRU 66 release, use one of the following methods to put Oracle Solaris-delivered components into FIPS 140 mode:
- Interactively: Run the following command and then reboot:
  # cryptoadm enable fips-140
- Interactively or using a third-party CM system (such as puppet or Ansible): Run the following command and then reboot:
  # pkg install crypto/fips-140
- At install time: Add the crypto/fips-140 entry to the AI manifest that lists the packages that you want to install.
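The install-time method, shown as an added example that is not part of the Oracle documentation: an AI manifest whose package list includes the crypto/fips-140 entry. The instance name, publisher origin, and the other two package names are assumptions for illustration; only crypto/fips-140 comes from this page.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1">
<auto_install>
  <!-- Instance name is a hypothetical label for this example -->
  <ai_instance name="fips-140-example">
    <target>
      <logical>
        <zpool name="rpool" is_root="true">
          <be name="solaris"/>
        </zpool>
      </logical>
    </target>
    <software type="IPS">
      <source>
        <!-- Assumed publisher origin; replace with your site's repository -->
        <publisher name="solaris">
          <origin name="http://pkg.oracle.com/solaris/release"/>
        </publisher>
      </source>
      <software_data action="install">
        <!-- Assumed base package set for the example -->
        <name>pkg:/entire@latest</name>
        <name>pkg:/group/system/solaris-minimal-server</name>
        <!-- The entry this page describes: puts Oracle Solaris-delivered
             components into FIPS 140 mode on the installed system -->
        <name>pkg:/crypto/fips-140</name>
      </software_data>
    </software>
  </ai_instance>
</auto_install>
```

Because the package is part of the initial install, every client built from this manifest starts with the same cryptographic policy, which avoids a window where a host runs in non-FIPS mode before a configuration-management run reaches it.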