The SafeLogic Blog

Today, SafeLogic announced the general availability of CryptoComply OpenSSL 3.0 FIPS Provider, a new software product that allows organizations to implement OpenSSL 3.0 and TLS 1.3 with a FIPS-validated cryptographic module.  This new software is available today from SafeLogic. FIPS 140 validation is required for products containing cryptography to be used by government agencies.  It is also required by security regulations including FedRAMP, Common Criteria, CyberSecurity Maturity Model Security (CMMC) 2.0, and DoD APL among others.

Why Organizations are Moving to OpenSSL 3.0

OpenSSL is a widely used cryptographic library and OpenSSL 3.0 is the latest version of this library. It includes support for Transport Layer Security (TLS) version 1.3 by default. Many organizations are looking to implement OpenSSL 3.0 because it incorporates the newest architecture, latest APIs, most recent security bug fixes, and support for critical functions such as TLS 1.3. 

One of the main benefits of using OpenSSL 3.0 with TLS 1.3 is its ability to improve connection speeds by up to two times over previous versions in some cases, making it ideal for websites or applications that need to provide users with fast load times and responsive performance under heavy loads. Additionally, OpenSSL 3.0 offers increased security thanks to its support for the latest generation of encryption algorithms.

Why Organizations Are Moving to TLS 1.3

TLS, or Transport Layer Security, is a protocol used to encrypt data as it traverses the internet. TLS 1.3 is the latest version of this protocol and includes many improvements over previous versions. Some of the key enhancements in TLS 1.3 include stronger encryption, faster time-to-key exchange that allows connections to be established more quickly than before, and support for modern transport protocols like QUIC that work well with mobile devices and other hardware without slowing down performance or increasing latency.

Overall, TLS 1.3 offers several substantial improvements over previous versions that make it faster and more secure than ever before. Therefore, if a website or application needs to establish encrypted connections with clients, it’s important to use the latest version of TLS to ensure maximum security and performance.

Using CryptoComply OpenSSL 3.0 FIPS Provider

Given NIST’s ongoing transition from FIPS 140-2 to FIPS 140-3 and other factors, the availability of FIPS-validated encryption modules for TLS 1.3 and OpenSSL 3.0 is extremely limited. As a result, organizations seeking to use OpenSSL 3.0 APIs and/or TLS 1.3 with a FIPS-validated cryptographic module have had limited options. With this new product, SafeLogic is giving companies in this situation a new alternative. 

For existing SafeLogic CryptoComply customers, the new software is available as an optional upgrade. To use it, they will need to migrate to the OpenSSL 3.0 architecture and then use the CryptoComply OpenSSL 3.0 FIPS Provider as a drop-in replacement. CryptoComply customers can use this provider with their existing FIPS 140-2 certificate. Current CryptoComply customers not interested in upgrading to OpenSSL 3.0 / TLS 1.3 architecture do not need to take any action on this announcement.

For companies that are not existing CryptoComply for Server (CCS) customers yet want to use OpenSSL 3.0 / TLS 1.3 with a FIPS-validated module, CryptoComply OpenSSL 3.0 FIPS Provider is also a good option. With SafeLogic’s RapidCert program, companies can obtain a FIPS-validated encryption module and a listing on the NIST FIPS 140 certification website in as little as two months. Furthermore, their FIPS-validated encryption module will work with OpenSSL 3.0 and TLS 1.3

To learn more about SafeLogic’s CryptoComply OpenSSL 3.0 FIPS Provider or obtain a download, click on this link to request a consultation with a SafeLogic encryption expert.