CorSSL
A new solution to address FIPS requirements when using OpenSSL v1.1.1.
CorSSL
A new solution to address FIPS 140 for OpenSSL.
What Is Corsec’s CorSSL?
In the past, vendors that incorporated OpenSSL v1.1.1 were left with few options when it came to addressing FIPS 140 requirements. The open-source library did not support FIPS requirements nor was there a validated module to easily replace the existing code. Vendors were forced to downgrade to OpenSSL v1.0.2 and then private label a module of their own.
Now there is an alternative! Corsec’s CorSSL has solved this headache by providing an easily implementable module, satisfying customer requests for FIPS 140 as well as leveraging a newer version of the OpenSSL library in v1.1.1.
Addressing FIPS 140 requirements has never been easier, CorSSL adds FIPS 140-3-required code to OpenSSL 1.1.1 to meet requirements for:
- FIPS 140-3 Service Indicators
- The FAR & Federal Acquisitions
- Government Key Generation
- Self-Test
- Random Number Generation (RNG)
- Algorithm Transitions
- Common Criteria
- DoDIN APL
Unburden architects & developers from FIPS 140 requirements with a drop in replacement for OpenSSL
How Does it Help Address FIPS 140 Requirements?
CorSSL is built upon the OpenSSL 1.1.1 code base and provides engineering teams with a completely compatible cryptographic engine which meets FIPS 140 requirements.
CorSSL enables sales to U.S. federal agencies and highly regulated industries, providing a quick “drop-in replacement” for any existing OpenSSL 1.1.1-based architectures.
The Federal Information Processing Standards 140-2 and 140-3 (FIPS 140-2 and FIPS 140-3) are U.S. and Canadian co-sponsored security standards for hardware, software, and firmware solutions. In U.S. government procurement, all solutions that use cryptography in a security system that processes sensitive but unclassified information must complete FIPS 140 validation to ensure end users receive a high degree of security, assurance, and dependability.
Technical Details of CorSSL & FIPS 140
CorSSL does not modify the OpenSSL interface, maintaining complete compatibility and eliminating engineering development time to meet FIPS 140-3 requirements. CorSSL is available in binary form for immediate integration, or source-code form for compilation on specialized hardware platforms.
Certification
FIPS 140-3 Validation, Level 1 (Cert #4897)
Corsec can also work with vendors to private label their own FIPS 140-3 validation.
Integration
CorSSL can be integrated as an easy drop-in replacement for any product that is currently leveraging the open-source OpenSSL v1.1.1 cryptographic library.
Licenses & Support
Corsec offers per product licensing options with a variety of services to support integration and maintenance needs. There are three service support (Basic, Premium, and Extended) for patches, bug fixes, and CVEs.
Platforms
Corsec can quickly test on additional platforms, operating systems, and configurations, including hardware as “vendor affirmed” or “tested configurations” to certificates.
Need Support for OpenSSL v1.0.2 or 3.0?
Not only can Corsec help with OpenSSL v1.1.1, we also have solutions for the newest and legacy versions of OpenSSL, v3.0 and v1.02
Contact Corsec below to get help with any of your OpenSSL and FIPS 140 needs.
Want To Purchase CorSSL Today?
Complete the form or call us at +1 (571) 393-9535