Important News:CryptoComply FIPS 140-3 Early Access Program is now open. Learn more!
Many Organizations Are Moving to OpenSSL 3 and TLS 1.3
OpenSSL is a widely used cryptographic library. OpenSSL 3 is the latest generation of the open-source software. Many organizations want to implement OpenSSL 3 because it incorporates the newest architecture, latest APIs, 2x faster connection speeds, the most recent security bug fixes, and support for the latest generation of encryption algorithms.
OpenSSL 3 includes support for Transport Level Security (TLS) 1.3, the latest version of the protocol. TLS 1.3 incorporates many improvements over previous versions, such as stronger encryption, faster time-to-key exchange that allows connections to be established more quickly than before, and support for modern transport protocols like QUIC that work well with mobile devices and other hardware without slowing down performance or increasing latency.
Given the security improvements in OpenSSL 3 and TLS 1.3, some security regulations are now mandating their adoption.
But FIPS 140 Certification is Still a Requirement
FIPS 140 validation is required for products containing cryptography to be used by government agencies. It is also required by security regulations, including FedRAMP, StateRAMP, Common Criteria, CyberSecurity Maturity Model Security (CMMC) 2.0, DoDIN APL, and CNSA 2.0, among others.
As NIST transitions from FIPS 140-2 to 140-3, they have a huge backlog of modules in the certification process. But NIST is no longer certifying new modules against 140-2. As a result, organizations seeking to use the new OpenSSL 3 APIs and/or TLS 1.3 with a FIPS-validated cryptographic module have limited options.
To make matters even more challenging, some of the same security frameworks that mandate FIPS 140 are also now mandating the use of OpenSSL 3 and or TLS 1.3.
CryptoComply Now Has an OpenSSL 3 + TLS 1.3 + FIPS Validated Cryptography Option
CryptoComply OpenSSL 3 FIPS Provider allows organizations to implement OpenSSL 3 and TLS 1.3 with a FIPS-validated cryptographic module.
For existing CryptoComply customers, the new software is available as an optional upgrade. To use it, they will need to migrate to the OpenSSL 3 architecture and then use CryptoComply OpenSSL 3 FIPS Provider as a drop-in replacement. CryptoComply customers can use this provider with their existing FIPS 140-2 certificate.
For companies that are not CryptoComply for Server (CCS) customers yet want to use OpenSSL 3 / TLS 1.3 with a FIPS-validated module, CryptoComply OpenSSL 3 FIPS Provider is also a good option. With SafeLogic’s RapidCert program, companies can obtain a FIPS-validated encryption module and a listing on the NIST FIPS 140 certification website in as little as two months. Furthermore, their FIPS-validated encryption module will work with OpenSSL 3 and TLS 1.3.
CryptoComply OpenSSL 3 FIPS Provider Now Works on Apple iOS Devices
SafeLogic is excited to announce the launch of its CryptoComply OpenSSL 3 FIPS Provider for iOS Early Access Program (EAP). With this EAP, SafeLogic is making a FIPS 140 validated cryptographic module for IOS devices, compatible with the OpenSSL 3.0 architecture, available for testing. As a result, iOS applications can now use important features in OpenSSL 3.0, such as TLS 1.3, while meeting strict government requirements for strong cryptography with a FIPS 140 validated cryptographic module.