Oracle, OpenSSL and SafeLogic recently announced a joint effort in developing the next generation open source OpenSSL 1.1 FIPS 140-2 module. OpenSSL is the “most widely used and respected cryptographic library protecting data transfers across computer networks.” Oracle has already contributed $50,000 to the effort with more to follow contingent on the project’s future progress. Indeed the project will “deliver a free, open-source FIPS module that will benefit everyone.”
The need for OpenSSL to meet the Federal Information Processing Standard (FIPS) 140-2, a U.S. and Canadian government security standard for testing cryptographic modules is immediate. The current OpenSSL FIPS module has not received a significant upgrade since 2012. Jim Wright, Chief Architect, Open Source Policy, Strategy, Compliance and Alliances at Oracle recently echoed this conclusion:
“Ensuring that OpenSSL maintains an up to date FIPS implementation is critical to helping maintain the security posture of sensitive data on government systems and the continuous safety of millions of transactions performed daily.”
More partners are welcome and needed to help with completion of the project. The project is already off to a great start as Steve Marquess, President of OpenSSL Validation Services, Inc. further explains:
“We’re already hard at work on the initial stage of designing a new module to accommodate the many changes in FIPS 140 validations over the past five years, and looking forward to a modernized implementation that can support the community for years to come.”