{
  "metadata": {
    "generated_at": "2026-04-19T03:09:17.580873Z",
    "dataset": "active",
    "source": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5238"
  },
  "certificate": {
    "certificate_number": "5238",
    "dataset": "active",
    "generated_at": "2026-04-19T03:09:17.580873Z",
    "nist_page_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5238",
    "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5238",
    "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5238.pdf",
    "vendor_name": "SUSE LLC",
    "module_name": "SUSE Linux Enterprise OpenSSL 1 Cryptographic Module",
    "standard": "FIPS 140-3",
    "status": "Active",
    "module_type": "Software",
    "embodiment": "MultiChipStand",
    "overall_level": 1,
    "validation_date": "4/10/2026",
    "validation_dates": [
      "4/10/2026"
    ],
    "sunset_date": "4/9/2031",
    "caveat": "When operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.",
    "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.",
    "security_level_exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A"
    ],
    "related_files": [
      {
        "label": "Security Policy",
        "url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5238.pdf"
      }
    ],
    "validation_history": [
      {
        "date": "4/10/2026",
        "type": "Initial",
        "lab": "atsec information security corporation"
      }
    ],
    "vendor": {
      "name": "SUSE LLC",
      "website_url": "http://www.suse.com",
      "address_lines": [
        "1221 S Valley Grove Way, #500",
        "Pleasant Grove, UT 84062",
        "USA"
      ],
      "country": "USA",
      "contact_name": "Ivan Teblin",
      "contact_email": "sec-cert@suse.com",
      "contact_phone": "000-000-0000"
    },
    "algorithms": [
      "AES",
      "CVL",
      "DSA",
      "ECDSA",
      "HMAC",
      "KAS",
      "KDF",
      "RSA",
      "SHA",
      "SSH",
      "TLS"
    ],
    "algorithms_detailed": [
      "AES-CBC | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt,EncryptKey Length-128,192,256 | SP 800-38A",
      "AES-CCM | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Key Length-128,192,256 | SP 800-38C",
      "AES-CFB1 | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A",
      "AES-CFB128 | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A",
      "AES-CFB8 | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A",
      "AES-CMAC | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- GenerationKey Length-128,192,256 | SP 800-38B",
      "AES-CTR | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A",
      "AES-ECB | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A",
      "AES-GCM | A6075,A6076,A6077,A6078,A6079,A6080,A6081,A6082,A6083,A6100,A6101,A6102,A6106,A6107,A6108 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D",
      "AES-GMAC | A6075,A6076,A6077,A6078,A6079,A6080,A6081,A6082,A6083,A6100,A6101,A6102,A6106,A6107,A6108 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D",
      "AES-KW | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F",
      "AES-KWP | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F",
      "AES-OFB | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A",
      "AES-XTSTestingRevision2.0 | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,256 | SP 800-38E",
      "CounterDRBG | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-No,Yes | SP 800-90A Rev.1",
      "ECDSASigGen(FIPS186-5) | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Component-No | FIPS186-5",
      "ECDSASigGen(FIPS186-5) | A6092,A6093,A6094,A6099,A6105,A6111 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Component-No | FIPS186-5",
      "ECDSASigVer(FIPS186-5) | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-5",
      "ECDSASigVer(FIPS186-5) | A6092,A6093,A6094,A6099,A6105,A6111 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-5",
      "HMAC-SHA2-224 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1",
      "HMAC-SHA2-256 | A6084,A6086,A6088,A6090,A6097,A6103,A6109,A6110 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1",
      "HMAC-SHA2-384 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1",
      "HMAC-SHA2-512 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1",
      "HMAC-SHA2-512/224 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1",
      "HMAC-SHA2-512/256 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1",
      "HMAC-SHA3-224 | A6092,A6093,A6094,A6099,A6105,A6111 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1",
      "HMAC-SHA3-256 | A6092,A6093,A6094,A6099,A6105,A6111 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1",
      "HMAC-SHA3-384 | A6092,A6093,A6094,A6099,A6105,A6111 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1",
      "HMAC-SHA3-512 | A6092,A6093,A6094,A6099,A6105,A6111 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1",
      "KAS-ECC-SSCSp800-56Ar3 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56A Rev.3",
      "KAS-FFC-SSCSp800-56Ar3 | A6096 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56A Rev.3",
      "KDA HKDFSP800-56Cr2 | A6095 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-3072 Increment 8HMAC Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2",
      "KDF SSH(CVL) | A6085,A6087,A6089,A6091,A6098,A6104 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1",
      "PBKDF | A6084,A6086,A6088,A6090,A6092,A6093,A6094,A6097,A6099,A6103,A6105,A6109,A6111 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132",
      "RSA KeyGen(FIPS186-5) | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Generation Mode-probableModulo-2048,3072,4096,6144,8192Primality Tests-2powSecStrPrivate Key Format-standard | FIPS 186-5",
      "RSA SigGen(FIPS186-5) | A6084,A6086,A6088,A6090,A6092,A6093,A6094,A6097,A6099,A6103,A6105,A6109,A6111 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5",
      "RSA SigVer(FIPS186-5) | A6084,A6086,A6088,A6090,A6092,A6093,A6094,A6097,A6099,A6103,A6105,A6109,A6111 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5",
      "SHA2-224 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4",
      "SHA2-256 | A6084,A6086,A6088,A6090,A6097,A6103,A6109,A6110 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4",
      "SHA2-384 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4",
      "SHA2-512 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4",
      "SHA2-512/224 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4",
      "SHA2-512/256 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4",
      "SHA3-224 | A6092,A6093,A6094,A6099,A6105,A6111 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202",
      "SHA3-256 | A6092,A6093,A6094,A6099,A6105,A6111 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202",
      "SHA3-384 | A6092,A6093,A6094,A6099,A6105,A6111 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202",
      "SHA3-512 | A6092,A6093,A6094,A6099,A6105,A6111 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202",
      "SHAKE-128 | A6092,A6093,A6094,A6099,A6105,A6111 | Output Length-Output Length:16-65536Increment8 | FIPS 202",
      "SHAKE-256 | A6092,A6093,A6094,A6099,A6105,A6111 | Output Length-Output Length:16-65536Increment8 | FIPS 202",
      "TLS v1.2 KDFRFC7627(CVL) | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1",
      "TLS v1.3 KDF(CVL) | A6095 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1",
      "AES-GCM with external IV | Authenticated encryption",
      "HMAC with less than 112-bit keys, SipHash | Message authentication code (MAC)",
      "Diffie-Hellman with domain parameters other than safe primes | Key pair generation; Diffie-Hellman public key validation; Shared secret computation",
      "DSA with any key sizes | Digital signature verification",
      "EC Diffie-Hellman with P-192 curve, K curves, B curves and non-NIST curves | Shared secret computation",
      "ECDSA with P-192 curve, K curves, B curves and non-NIST curves | Key pair generation; Digital signature generation; Digital signature verification",
      "PBKDF with non-approved message digest algorithms or using input parameters not meeting requirements stated in section 2.7.3 | Key derivation",
      "RSA with keys smaller than 2048 bits | Key pair generation; Digital signature generation; Digital signature verification",
      "RSA encryption with any key sizes | Key encapsulation",
      "RSA decryption with any key sizes | Key un-encapsulation",
      "TLS v1.0,v1.1 KDF | Key derivation",
      "SHA-1 | Message digest; Digital signature generation; Digital signature verification; Message authentication code (MAC); Key derivation"
    ]
  }
}