Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

OpenSSL

Overview

search
printsuggest an edit

Overview

OpenSSL is an open-source project that consists of a cryptographic library and an SSL/TLS toolkit. OpenSSL provides command-line tools for cryptographic operations including symmetric encryption, public-key encryption, and digital signing hash.

Thales ProtectServer 3 HSMs can be used to securely store OpenSSL cryptographic keys. OpenSSL integrates with GemEngine to allow the consumption of HSM resources. The benefits of using ProtectServer 3 HSMs to generate the cryptographic keys for OpenSSL are the following:

  • Secure generation, storage, and protection of the identity-signing private key on FIPS-validated hardware.

  • Full life-cycle management of the keys.

  • Significant performance improvements by offloading cryptographic operations from application servers.

    Note

    ProtectServer 3 integrations with OpenSSL is only supported in FIPS mode with the following versions:

    PTK Version Security Flags
    7.3.1 Default Security Flags*
    7.3.0 FIPS 140-3
    7.2.4 FIPS 140-3
    • The following outlines the workaround scenarios for version 7.3.1:

    Customers with existing OpenSSL (older FW, with FIPS mode enabled) integrations wishing to upgrade to FW 7.03.01 and above.

    Due to the setting of the security mode flag “Tamper Before Upgrade”, direct upgrade to FW 7.03.01 is not permitted. The following steps will workaround that issue.

    • Backup the existing keys.
    • Tamper the HSM.
    • Re-initialize the HSM without FIPS mode set.
    • Upgrade to FW 7.03.01 or above.
    • Restore the key backup.
    • Enable FIPS mode.

    New customers or new integrations with FW 7.03.01 and above (no FIPS mode).

    • Initialize the HSM without FIPS mode set.
    • Upgrade to FW 7.03.01 or above.
    • Perform the integration of OpenSSL.
    • Enable FIPS mode.

On this page