What OpenSSL version is Fireware using?

edited December 2022 in Firebox - Other

I was looking at FIPS for Fireware, and I see "Fireware v12.3.1 is the latest FIPS-certified version of Fireware. In Fireware v12.4 and higher, Fireware uses a version of OpenSSL that does not support FIPS 140-2."

FIPS Support in Fireware

However, it looks like OpenSSL V3.0 now has FIPS certification:

OpenSSL FIPS 140-2 Validation Certificate Issued

So, what OpenSSL version is Fireware using?
And are there ongoing plans for the latest Fireware versions to be able to run in FIPS mode?

Best Answers

  • james.carsonjames.carson Moderator, WatchGuard Representative
    Answer ✓

    Hi Bruce,

    Fireware uses 1.1.1n at this current point in time. (As of 12.8 Update 1)

    FIPS certification is a bit of a process and effectively freezes at the version number that the firewall was summitted with. It's unlikely that the older firewalls that were previously certified will be re-submitted (by the time they're approved they won't be available to buy anymore.)

    The folks that run that program may be looking into v3.0 for 140.3. I'll have to look into that and get back to you.

    -James Carson
    WatchGuard Customer Support

  • Thanks

  • james.carsonjames.carson Moderator, WatchGuard Representative
    Answer ✓

    I was able to find that work is being done on OpenSSL v3.0 (or better) for FIPS 140-3, but what will be included exactly will depend on feedback from the 3rd party testing and/or requirements set by the governmental bodies that form those standards.

    140-3 is likely still a bit of time off -- the process is intentionally methodical.

    All of our devices will likely support FIPS mode regardless as to if that specific model is certified or not.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.