The Cryptographic Module Validation (CMV) Program of the National Institute of Standards and Technology (NIST) provides specifications for software and hardware products that employ cryptographic algorithms, cryptographic key generation and distribution techniques. Authentication techniques that are FIPS 140-2 approved are certified for protecting Federal Government sensitive unclassified information. Vendor products are tested for compliance to these specifications by NIST-approved testing laboratories.

Cryptographic Module

• SSH Cryptographic Library (Software Version 1.2.0) (When operated in FIPS mode)
• Validated to FIPS 140-2

Affected Products

• SSH Tectia Client/Server solution 4.0 (and later)
• SSH Tectia ConnectSecure 6.0 (and later)
• SSH Tectia MFT Events 6.1 (and later)

Level/Description

• Overall Level: 1 
• EMI/EMC: Level 3 
• Self-Tests: Level 4 
• Operational Environment: Tested as meeting Level 1 with Windows XP, Solaris 8, AIX 4.3.3, HP-UX 11i (single user mode). 
• In addition to these tested platforms, Cryptographic Library supports Windows 2000, Windows 2003 Server, Solaris 9, HP-UX 10.20 and RedHat Enterprise Linux versions 2.1 and 3.0.
   

FIPS-approved algorithms: AES (Cert. #52); DES (Cert. #207); Triple-DES (Cert. #162); DSA (Cert. #82); RSA (PKCS#1, vendor affirmed); SHA-1 (Cert. #145); HMAC-SHA-1 (Cert. #145, vendor affirmed) Other algorithms: MD5; SHA-256; HMAC-MD5; HMAC-SHA-1 96; CAST-128; Blowfish; Twofish; Arcfour; Diffie-Hellman (key agreement) 

Multi-chip standalone

"The SSH Cryptographic Library is a standards-based shared library providing FIPS 140-2 certified cryptographic services for SSH Communications Security's security products. The library provides a rich API and a comprehensive set of state-of-the-art algorithms including AES, 3DES, SHA-1, HMAC, RSA and DSA.