About OpenSSL in FIPS 140-2 Mode in Oracle Solaris

Oracle Solaris 11.4 has FIPS 140-2 capable OpenSSL libraries that link to the Oracle OpenSSL FIPS Object Module.

For more information about the Oracle OpenSSL 3 FIPS certification, see https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4506.

When running in FIPS 140-2 mode, OpenSSL enforces the use of FIPS 140-2 validated algorithms. Therefore, applications that use OpenSSL in FIPS 140-2 mode cannot use algorithms that are not FIPS 140-2 validated.

For OpenSSL 3, starting with the Oracle Solaris 11.4 SRU 66 release, use one of the following methods to put Oracle Solaris-delivered components into FIPS 140 mode:

  • Interactively: Run the following command and then reboot:

    # cryptoadm enable fips-140

  • Interactively or using a third-party configuration management (CM) system (such as Puppet or Ansible): Run the following command and then reboot:

    # pkg install crypto/fips-140

  • At install time: Add the crypto/fips-140 entry to the AI manifest that lists the packages that you want to install.
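
A post-reboot check for the enforcement described above, as an added example that is not part of the Oracle documentation. It assumes the validated module appears as a provider named fips in the output of `openssl list -providers`, as in upstream OpenSSL 3, and uses MD5 as the non-approved probe algorithm; the sample outputs are constructed.

```sh
#!/bin/sh
# Added example: classify whether OpenSSL 3 is enforcing FIPS mode.
# Assumption: the validated module is listed as a provider named "fips"
# by `openssl list -providers`; confirm the name on your own system.

# Constructed sample outputs (not captured from a real system).
SAMPLE_FIPS='Providers:
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.0
    status: active'
SAMPLE_DEFAULT='Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.0
    status: active'

# has_fips_provider TEXT: exit 0 if TEXT lists an active "fips" provider.
has_fips_provider() {
    printf '%s\n' "$1" | awk '
        /^  [^ ]/ { name = $1 }   # provider id line (two-space indent)
        $1 == "status:" && $2 == "active" && name == "fips" { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# fips_state PROVIDERS_TEXT MD5_RC SHA256_RC
# MD5_RC and SHA256_RC are the exit codes of a digest attempt per algorithm.
fips_state() {
    if ! has_fips_provider "$1"; then
        echo "not-fips"        # validated module not loaded
    elif [ "$3" -ne 0 ]; then
        echo "broken"          # an approved algorithm failed
    elif [ "$2" -eq 0 ]; then
        echo "not-enforced"    # module loaded, but MD5 is still reachable
    else
        echo "enforced"        # approved works, non-approved is refused
    fi
}

# Live probe, run only when called with --live (for example after the reboot).
if [ "${1:-}" = "--live" ]; then
    providers=$(openssl list -providers 2>/dev/null)
    printf 'x' | openssl dgst -md5 >/dev/null 2>&1; md5_rc=$?
    printf 'x' | openssl dgst -sha256 >/dev/null 2>&1; sha_rc=$?
    fips_state "$providers" "$md5_rc" "$sha_rc"
fi
```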