Lightship Security and OpenSSL Corporation Advance FIPS 140-3 Validation with OpenSSL 3.5.4 Submission

Lightship Security and OpenSSL Corporation Submit OpenSSL 3.5.4 for FIPS 140-3 Validation

In a significant development for cybersecurity, Lightship Security, part of Applus+ Laboratories and an authorized cryptographic security testing laboratory, has partnered with the OpenSSL Corporation. Together, they have submitted OpenSSL version 3.5.4 to the Cryptographic Module Validation Program (CMVP) for FIPS 140-3 validation. This submission illustrates their commitment to delivering validated cryptographic solutions that adhere to modern security standards and compliance requirements.

The submission signifies that the code for version 3.5.4 is now finalized, with all included algorithms successfully passing the National Institute of Standards and Technology (NIST) testing as well as independent laboratory assessment. The remaining step in this crucial initiative is the final CMVP review and the subsequent issuance of the validation certificate, marking an essential milestone in promoting security in digital transactions and encryption practices.

OpenSSL is an immensely popular open-source software library crucial for internet infrastructure and many embedded systems. The FIPS 140-3 standard represents a benchmark for cryptographic modules, ensuring that security protocols are robust and reliable. The introduction of OpenSSL 3.5.4, on the heels of its predecessor released in April 2025, showcases its new capabilities, including support for post-quantum cryptographic algorithms. These advancements, like ML-KEM, ML-DSA, and SLH-DSA, align with NIST's initiative for PQC standards, hinting at the increasing importance of safeguarding against quantum computing threats in the coming years.

Jason Lawlor, President of Lightship Security, expressed pride in this landmark submission, stating, “This is a fundamental step in establishing validated, standards-based cryptography within one of the most widely used open-source libraries. We are excited to continue our support of OpenSSL’s FIPS 140-3 validation efforts, aligning with compliance requirements for users worldwide.”

Tim Hudson, President of the OpenSSL Corporation, added, “OpenSSL 3.5.4 not only signals progress towards future validation but represents a thoroughly tested and complete module that delivers tangible benefits today. The anticipation of the final certificate confirms that OpenSSL 3.5.4 meets FIPS 140-3 standards while positioning organizations for the quantum-secure future.”

This initiative continues the legacy of the OpenSSL Library's FIPS 140-validated modules, which are widely leveraged across government, defense, and commercial sectors to facilitate secure operations. With OpenSSL 3.5.4, organizations can deploy cryptographic solutions that are both compliant and resilient against contemporary security challenges, as well as those posed by future technological advancements.

As we await the completion of the certification process, stakeholders within the cybersecurity community are optimistic about the implications of this development for enhanced security frameworks in both governmental and commercial domains. The introduction of a FIPS-140 validated PQC-ready module is an important step for organizations preparing for future cryptographic methods resistant to quantum computing threats.

The significance of this submission cannot be overstated, given the critical role that OpenSSL plays in the digital landscape. Organizations across various sectors will benefit once the certification is final. This initiative will not only fortify the existing security infrastructure but also pave the way for advancements that keep pace with the evolving landscape of cybersecurity.