All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Aruba OpenSSL Module

Certificate#4929StandardFIPS 140-3Level1TypeFirmwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorHewlett Packard Enterprise
High review priority  ·  no TCB surface named  ·  OpenSSL upstream has published 39 CVEs since this module's initial validation  ·  last validated 19 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeFirmware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date12/19/2026
CaveatInterim validation. When operated in Approved mode.
VendorHewlett Packard Enterprise

Approved Algorithms (36)

AlgorithmACVP Cert
AES-CBCA2690
AES-CCMA2690
AES-CFB128A2690
AES-CTRA2690
AES-CTRA2690
AES-ECBA2690
AES-GCMA2690
AES-KWA2690
DSA KeyGen (FIPS186-4)A2690
DSA PQGGen (FIPS186-4)A2690
ECDSA KeyGen (FIPS186-4)A2690
ECDSA KeyVer (FIPS186-4)A2690
ECDSA SigGen (FIPS186-4)A2690
ECDSA SigVer (FIPS186-4)A2690
HMAC-SHA-1A2690
HMAC-SHA2-256A2690
HMAC-SHA2-384A2690
HMAC-SHA2-512A2690
KAS-ECC-SSC Sp800-56Ar3A2690
KAS-FFC-SSC Sp800-56Ar3A2690
KDA TwoStep Sp800-56Cr1A2690
KDF IKEv1A2690
KDF SNMPA2690
KDF SP800-108A2690
KDF SSHA2690
KDF TLSA2690
RSA KeyGen (FIPS186-4)A2690
RSA SigGen (FIPS186-4)A2690
RSA SigVer (FIPS186-2)A2690
RSA SigVer (FIPS186-4)A2690
Safe Primes Key GenerationA2690
Safe Primes Key VerificationA2690
SHA-1A2690
SHA2-256A2690
SHA2-384A2690
SHA2-512A2690

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Aruba OpenSSL Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>upgrade</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status Output<br/>Self-Test</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Aruba OpenSSL Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>upgrade</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Status Output<br/>Self-Test</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Non-Proprietary Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Document Version 1.0 November 2024 1| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 2

Non-Proprietary © 2024 Hewlett Packard Enterprise Company. Hewlett Packard Enterprise Company trademarks include , HPE Networks®, HPE Wireless Networks®, HPE Networking, the registered HPE Networking the Mobile Edge Company logo, HPE Networking Mobility Management System®, Mobile Edge Architecture®, property of their respective owners. HPE Networking is a Hewlett Packard Enterprise company. The resource assets in this firmware may include abbreviated and/or legacy terminology for HPE Networking products. See https://www.hpe.com/us/en/networking/ for current and complete HPE Networking product lines and names. Open Source Code Certain Hewlett Packard Enterprise Company products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site: https://myenterpriselicense.hpe.com/cwp-ui/software Legal Notice The use of Hewlett Packard Enterprise Company switching platforms and software or firmware, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Hewlett Packard Enterprise Company, from vendors. https://www.hpe.com/us/en/networking/

1701 E Mossy Oaks Rd,

Spring, TX, USA 77389 Phone: 1-888-342-2156 2| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 3

11.1.1 Setting Up the Hewlett Packard Enterprise Controller, Gateway, Conductor, or Controller-managed

Figures 3| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 4

Non-Proprietary Tables Preface notice. Products identified herein contain confidential commercial firmware. Valid license required. Document Revision History The following table lists the history of the revisions of this document by version number and date of revision. Table 1

1.0 November 2024 Module firmware version 1.0 used by ArubaOS firmware versions running on Hewlett

Packard Enterprise hardware and virtual appliances 4| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 5
1 General

This section describes:

1.1 Purpose of this Document

This release supplement provides information regarding the Hewlett Packard Enterprise Aruba OpenSSL Module firmware version 1.0 FIPS 140-3 Level 1 validation from Hewlett Packard Enterprise (HPE). Throughout this document, references to HPE Networking are to the Hewlett Packard Enterprise division. The material in this supplement modifies the general Hewlett Packard Enterprise firmware documentation included with this product and should be kept with your Hewlett Packard Enterprise product documentation. This supplement primarily covers the non-proprietary Cryptographic Module Security Policy for the Hewlett Packard Enterprise Aruba OpenSSL Module firmware version 1.0. This security policy describes how the module meets the security requirements of FIPS 140-3 Level 1 and how to place and maintain the module in the secure Approved mode. This policy was prepared as part of the FIPS 140-3 Level 1 validation of the product. FIPS 140-3 (Federal Information Processing Standards Publication 140-3, Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. FIPS 140-3 aligns with ISO/IEC 19790:2012(E) and includes modifications of the Annexes that are allowed to the Cryptographic Module Validation Program (CMVP), as a validation authority. The testing for these requirements will be in accordance with ISO/IEC 24759:2017(E), with the modifications, additions or deletions of vendor evidence and testing allowed as a validation authority under paragraph 5.2. More information about the FIPS 140-3 standard and validation program is available on the National Institute of Standards and Technology (NIST) website at: https://csrc.nist.gov/projects/cryptographic-module-validation-program In addition, in this document, the Hewlett Packard Enterprise Aruba OpenSSL Module is referred to as the module, the cryptographic module, and Aruba OpenSSL module.

1.2 Additional Hewlett Packard Enterprise Product Information

More information is available from the following sources:

Page 6
1.3 Acronyms and Abbreviations

AES Advanced Encryption Standard AP Access Point CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCCS Canadian Centre for Cyber Security, a branch of CSE CLI Command Line Interface CMVP Cryptographic Module Validation Program CO Crypto Officer CPSec Control Plane Security protected CSE Communications Security Establishment CSP Critical Security Parameter DF Derivation Function EAP Extensible Authentication Protocol ECO External Crypto Officer EMC Electromagnetic Compatibility EMI Electromagnetic Interference ESV Entropy Source Validation FE Fast Ethernet GE Gigabit Ethernet GHz Gigahertz HMAC Hashed Message Authentication Code Hz Hertz IKE Internet Key Exchange IPsec Internet Protocol security KAT Known Answer Test KEK Key Encryption Key L2TP Layer-2 Tunnelling Protocol LAN Local Area Network LED Light Emitting Diode NTP Network Time Protocol OCSP Online Certificate Status Protocol PCT Pairwise Consistency Test PSP Public Security Parameter SFTP Secure File Transfer Protocol SHA Secure Hash Algorithm SNMP Simple Network Management Protocol SSP Sensitive Security Parameter SPOE Serial & Power Over Ethernet TEL Tamper-Evident Label TFTP Trivial File Transfer Protocol TPM Trusted Platform Module WLAN Wireless Local Area Network 6| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 7
1.4 Security Levels

The Hewlett Packard Enterprise Aruba OpenSSL Module is intended to meet overall FIPS 140-3 Level 1 requirements as shown in the following table. Table 2

1 General 1

2 Cryptographic Module Specification 1

3 Cryptographic Module Interfaces 1

4 Roles, Services, and Authentication 1

5 Software/Firmware Security 1

6 Operational Environment 1

7 Physical Security 1

8 Non-Invasive Security N/A

9 Sensitive Security Parameter Management 1

10 Self-Tests 1

11 Life-Cycle Assurance 1

12 Mitigation of Other Attacks N/A

Overall Overall Security Rating of the Module 1 7| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 8
2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The Hewlett Packard Enterprise Aruba OpenSSL Module version 1.0 (also referred to as ‘the module’) is a firmware type cryptographic module that was validated under FIPS 140-3 Level 1 requirements and meets the claims made in this document. ArubaOS is the operating system for Hewlett Packard Enterprise Mobility Conductors, Mobility Controllers/Gateways, and controller-managed Hewlett Packard Enterprise Access Points (APs). The Hewlett Packard Enterprise Aruba OpenSSL Module (firmware) is an Hewlett Packard Enterprise cryptographic module that provides cryptographic services for the ArubaOS operating system running on the Hewlett Packard Enterprise hardware-based equipment or Hewlett Packard Enterprise virtual appliances. Module Type: Firmware Module Embodiment: Multiple-chip Standalone

2.1.1 Cryptographic Module Boundary

The Hewlett Packard Enterprise Aruba OpenSSL Module (firmware) is an Hewlett Packard Enterprise cryptographic module that provides cryptographic services for the ArubaOS operating system. The cryptographic boundary for the Hewlett Packard Enterprise Aruba OpenSSL Module is defined as the module component within the Linux-based User Space. The physical perimeter is the productiongrade enclosure of the hardware chassis of the Hewlett Packard Enterprise hardware device or Hewlett Packard Enterprise virtual appliance host. The module is one of the components within the ArubaOS firmware package in electronic form and is installed automatically when a trusted and verified ArubaOS is booted on an Hewlett Packard Enterprise device. The Hewlett Packard Enterprise Aruba OpenSSL Module component includes the module shared libraries and the associated integrity check files (used for integrity tests):

Page 9
2.2 Version Information

The Hewlett Packard Enterprise Aruba OpenSSL Module (firmware) version 1.0 was validated against FIPS 140-3 Level 1 requirements. The CMVP makes no claim as to the correct operation of the module or the security strengths of the generated keys when operating under a version that is not listed on the validation certificate. Table 3

2.3 Operating Environments

The module operates in a limited operational environment. The module runs on the ArubaOS operating system and related hardware or virtual platform and provides cryptographic services for the ArubaOS operating system. See the following tables of Tested Operational Environments and Vendor Affirmed Operational Environments for details. Table 4

1 ArubaOS 8.10 7020 Mobility Controller Broadcom XLP208 (MIPS64) None

2 ArubaOS 8.10 7205 Mobility Controller Broadcom XLP316 (MIPS64) None

3 ArubaOS 8.10 7220 Mobility Controller Broadcom XLP432 (MIPS64) None

4 ArubaOS 8.10 7280 Mobility Controller Broadcom XLP (MIPS64) None

5 ArubaOS 8.10 9012 Gateway Intel Atom C3508 (Denverton) None

6 ArubaOS 8.10 9240 Gateway Intel Xeon (Cascade Lake) with / without PAA

7 ArubaOS 8.10 AP-505 Wireless Access Point Broadcom BCM47622L (ARM-A7) None

8 ArubaOS 8.10 AP-515 Wireless Access Point Broadcom BCM (64-bit ARMv8) None

9 ArubaOS 8.10 AP-535 Wireless Access Point Qualcomm IPQ (64-bit ARM Cortex A53) None

10 ArubaOS 8.10 AP-635 Wireless Access Point Qualcomm IPQ (64-bit ARM Cortex A53) None

11 ArubaOS 8.10 AP-655 Wireless Access Point Qualcomm IPQ (64-bit ARM Cortex A53) None

ArubaOS 8.10 MCR-HW-5K Mobility Conductor Hardware

12 Intel Xeon E5-2620v4 (Broadwell) with PAA

Appliance ArubaOS 8.10 on MCR-VA-50 Mobility Conductor Virtual

13 Intel Xeon Gold 6212U (Cascade Lake) None

VMWare ESXi 7.0 Appliance on HPE Edgeline 20 ArubaOS 8.10 on MC-VA-50 Mobility Controller Virtual

14 Intel Xeon E3 1515 (Skylake) None

VMWare ESXi 7.0 Appliance on HPE ProLiant ML110 Gen10 ArubaOS 8.10 on MC-VA-50 Mobility Controller Virtual

15 Intel Xeon E-2254ML (CoffeeLake) None

VMWare ESXi 7.0 Appliance on Pacstar PS451-1258 Series 9| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 10

Non-Proprietary Table 5

1 ArubaOS 8.10 70xx Mobility Controllers
2 ArubaOS 8.10 72xx Mobility Controllers
3 ArubaOS 8.10 90xx Gateways
4 ArubaOS 8.10 92xx Gateways
5 ArubaOS 8.10 AP-51x and AP-57x Wireless Access Points
6 ArubaOS 8.10 AP-50x and AP-56x Wireless Access Points

7 ArubaOS 8.10 AP-53x, AP-55x, AP-58x, and AP-63x Wireless Access Points

8 ArubaOS 8.10 MCR-HW-xxx Mobility Conductor Hardware Appliances

9 MC-VA-xxx Mobility Controller Virtual Appliances on HPE ProLiant ML110 Gen10

VMWare ESXi 7.0 ArubaOS 8.10 on

10 MCR-VA-xxx Mobility Conductor Virtual Appliances on HPE ProLiant ML110 Gen10

VMWare ESXi 7.0 ArubaOS 8.10 on

11 Virtual Appliances on HPE EdgeLine 20

VMWare ESXi 7.0 ArubaOS 8.10 on

12 Virtual Appliances on PacStar PS451-1258 Series

VMWare ESXi 7.0 ArubaOS 8.10 on Virtual Appliances on device running an equivalent Intel processor (Intel Atom, i5, i7, VMWare ESXi 7.0 or Xeon)

2.4 Excluded Components

There are no excluded components for the module.

2.5 Modes of Operation

The Hewlett Packard Enterprise Aruba OpenSSL Module (firmware) is one of the Hewlett Packard Enterprise cryptographic modules that provide cryptographic services for the host ArubaOS operating system, and is installed automatically when a trusted and verified ArubaOS is booted on an Hewlett Packard Enterprise host device.

2.5.1 Approved Mode

When the module starts up successfully, after passing all the Cryptographic Algorithm Self-Tests (CASTs) and Pre-Operational Self-Tests (POSTs), and following the guidance in section 11.1, Start-up Procedures, the module is operating in the Approved mode of operation, provided that the guidelines on services, algorithms, and key management found in this Security Policy are followed.

2.5.2 Non-Approved Mode

When the module starts up but FIPS Settings are not enabled as per the guidance in section 11.1, Start-up Procedures, then the module is operating in non-Approved mode of operation. 10| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 11
2.6 Approved Algorithms

The firmware in the Hewlett Packard Enterprise Aruba OpenSSL Module contains the following cryptographic algorithm implementations that will be used for the corresponding security services supported by the module in the Approved mode. Table 6

Page 12

Non-Proprietary HMAC-SHA-1, HMAC HMAC-SHA2-256, A2690 (minimum 112 bits) Message Authentication [FIPS 198-1] HMAC-SHA2-384, HMAC-SHA2-512 KBKDF HMAC-SHA-1, HMAC-SHA2-256, A2690 CTR Key-based Key Derivation [SP 800-108 Rev1] HMAC-SHA2-384 FFC: FC with SHA2-256, MODP-2048 with SHA2-256 Key Agreement Scheme

Page 13

2.7 Non-Approved Cryptographic Algorithms Allowed in the Approved Mode of Operation

The cryptographic module implements no non-Approved algorithms allowed for use in the Approved mode of operation.

2.8 Non-Approved Algorithms Allowed in the Approved Mode of Operation with No

Security Claimed The cryptographic module implements the following non-Approved algorithms allowed in the Approved mode of operation with no security claimed, as per I.G. 2.4.A. Table 7

2.9 Non-Approved Algorithms Not Allowed in the Approved Mode of Operation

The cryptographic module implements the following non-Approved algorithms that are not permitted for use in the Approved mode of operations. Table 8

Page 14
3 Cryptographic Module Interfaces

As a firmware module, the module interfaces are defined as Software or Firmware Module Interfaces (SFMI), and there are no physical ports. The logical interfaces are defined as the API of the cryptographic module. The interfaces are listed in the table below. All data output via data output interface is inhibited when the module is performing pre-operational tests or zeroization or when the module enters error state. Table 9

4 Roles, Services, and Authentication

The following section lists the roles supported by the module, authentication mechanisms used by the module, and services (both security and non-security, Approved and non-Approved) available from the module.

4.1 Authentication

The Hewlett Packard Enterprise Aruba OpenSSL Module does not provide any identification or authentication methods of its own. The CO and the User roles are implicitly identified by the service requested.

4.2 Roles

The module supports two distinct operator roles: the Crypto Officer role and the User role. These roles are implicitly assumed by the operator of the module when performing a service. The module does not support multiple concurrent operators, a maintenance role, nor bypass capability. Table 10

Page 15

Non-Proprietary The table below lists descriptions of the services available to the roles, with input and output. Table 11

Page 16
4.3 Services

The module provides various services depending on role. These are described in the sections below. The meaning of the letters used to describe the ‘Access Rights to Keys and/or SSPs’ are:

4.3.1 Approved Services

See the tables below for descriptions of the services, Approved security functions, keys and/or SSPs available to the module’s roles. The Hewlett Packard Enterprise Aruba OpenSSL Module is one of the components within the ArubaOS firmware package which runs on the host device. ArubaOS includes CLI commands, some of which interact with the module via APIs. Successful completion of a security service (via API return code for success) when the module is in Approved mode (see section 11.1, Start-up Procedures) denotes use of approved security service. Table 12

Page 17

Non-Proprietary Safe Primes key Diffie-Hellman key CTR_DRBG [1] DRBG Entropy Input User W/E API return code generation and generation and verification Safe Primes KeyGen [3] DRBG Key E for success verification using safe primes Safe Primes KeyVer [4] DRBG V E [5] DH Private Key W/E (A2690) [6] DH Public Key W/E Key derivation Key derivation through KBKDF [7] DH Shared Secret User W/E API return code function SP800-135rev1-KDF KDA Two Step [10] ECDH Shared Secret W/E for success (IKEv1-KDF, TLS-KDF, IKEv1-KDF [15] IKE Pre-Shared Key W/E TLSv1.2-KDF-RFC7627, TLS-v1.0/1.1-KDF [16] skeyid G/Z SSHv2-KDF, SNMPv3- TLS-v1.2-KDF-RFC7627 [17] skeyid_d G/R KDF), SP800-108rev1-KDF SSHv2-KDF [18] IKE Session G/R (KBKDF) and SP800- SNMPv3-KDF Authentication Key 56Crev2 [19] IKE Session Encryption G/R (A2690) Key [20] IPSec Session G/R Encryption Key [21] IPSec Session G/R Authentication Key [22] SSHv2 Session Key G/R [23] SSHv2 Session G/R Authentication Key [24] TLS Pre-Master Secret W/E [25] TLS Master Secret W/E [26] TLS Session G/R Encryption Key [27] TLS Session G/R Authentication Key [28] SNMPv3 W/E Authentication Password [29] SNMPv3 G/R Authentication Key [30] SNMPv3 Engine ID W/E [31] SNMPv3 Privacy Key G/R [32] SNMPv3 Privacy W/E Protocol Password [33] WPA2/WPA3 Pre- W/E Shared Secret [34] WPA2/WPA3 Pair- G/R Wise Master Key (PMK) [35] WPA2/WPA3 PairWise G/R Transient Key (PTK) [36] WPA2/WPA3 Session G/R Key [37] WPA2/WPA3 Group G/R Master Key (GMK) [38] WPA2/WPA3 Group G/R Transient Key (GTK) Message Generate or verify data HMAC-SHA-1 [18] IKE Session User W/E authentication integrity with HMAC key HMAC-SHA2-256 Authentication Key HMAC-SHA2-384 [21] IPSec Session W/E HMAC-SHA2-512 Authentication Key [23] SSHv2 Session W/E API return code (A2690) Authentication Key for success [27] TLS Session W/E Authentication Key [35] WPA2/WPA3 PairWise W/E Transient Key (PTK) Key agreement Perform key agreement KAS-ECC-SSC [5] DH Private Key User W/E API return code primitives on behalf of the KAS-FFC-SSC [6] DH Public Key W/E for success calling process (does not [7] DH Shared Secret G/R establish keys into the (A2690) [8] ECDH Private Key W/E module) [9] ECDH Public Key W/E [10] ECDH Shared Secret G/R 17| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 18

Non-Proprietary Key wrapping / AES key wrapping AES-GCM [19] IKE Session Encryption User W/E Key transport AES-KW Key API return code AES-CBC with HMAC [20] IPSec Session W/E for success Encryption Key (A2690) Key pair Generate RSA, FFC, or CTR_DRBG [1] DRBG Entropy Input User W/E API return code generation ECDSA key pairs DSA/FFC keyGen [3] DRBG Key E for success DSA/FFC pqgGen [4] DRBG V E Safe Primes KeyGen [5] DH Private Key G/R Safe Primes KeyVer [6] DH Public Key G/R ECDSA/ECC KeyGen [8] ECDH Private Key G/R ECDSA/ECC KeyVer [9] ECDH Public Key G/R RSA KeyGen [11] RSA Private Key G/R RSA KeyVer [12] RSA Public Key G/R [13] ECDSA Private Key G/R (A2690) [14] ECDSA Public Key G/R Message digest Generate a SHA-1 or SHA2 SHA-1 None User None API return code message digest SHA2-256 for success SHA2-384 SHA2-512 Table 13

Page 19

Non-Proprietary Zeroization The cryptographic keys stored in None All SSPs will be destroyed. Crypto Z API return code SDRAM memory can be zeroized by Officer for success rebooting the module. The cryptographic keys (IKE Pre-shared key and RSA/ECDSA Private/Public keys) stored in the host flash can be zeroized by using the ArubaOS command ‘wipe out flash’ on the host or by overwriting with a new secret. Please see ArubaOS CLI guide for details.

4.3.2 Non-Approved Services

The non-Approved services listed in the table below are available in the non-Approved mode but are not available in the Approved mode (see section 11.1, Start-up Procedures). The module does not support a degraded mode of operation. Table 14

Page 20
5 Software / Firmware Security

The Hewlett Packard Enterprise Aruba OpenSSL Module (firmware version 1.0) is an Hewlett Packard Enterprise cryptographic module that provides cryptographic services for the ArubaOS operating system. The module is one of the components within the ArubaOS firmware package and is installed automatically when a trusted and verified ArubaOS firmware package signed by Hewlett Packard Enterprise is booted on an Hewlett Packard Enterprise host device. The module performs a firmware integrity test when powered on (refer to Self-Tests for details). All cryptographic algorithm self-tests are run at power-up, prior to the first operational use of the cryptographic algorithm. The firmware integrity test verifies the integrity of the module by comparing a calculated HMAC-SHA-1 value against the stored HMAC value. The operator can initiate the firmware integrity test on demand by rebooting the host device. Rebooting also zeroizes all SSPs stored in SDRAM memory. All data output via the data output interface is inhibited until the firmware integrity test has completed successfully. If the firmware integrity test fails, the module enters the error state (while in this state, the module provides no functionality). The temporary values generated during the firmware integrity test are zeroized upon completion of the integrity test. After the ArubaOS firmware boot, the operator can determine the version of the loaded module through reviewing the log and by using the show version ArubaOS CLI command on the host (use the link in the section Full Documentation to refer to ArubaOS 8.10 Command-Line Interface Reference Guide and ArubaOS 8.10 User Guide).

6 Operational Environment

The operational environment is limited. The control plane Operating System (OS) is Linux, a multi-threaded operating system that supports memory protection between processes. Access to the underlying Linux implementation is not provided directly. Only Hewlett Packard Enterprise provided interfaces are used. The Hewlett Packard Enterprise Aruba OpenSSL Module is one of the components within the ArubaOS firmware package which runs on the host device. ArubaOS includes Command Line Interface (CLI) commands, some of which interact with the module via APIs. The ArubaOS CLI and the module APIs are restricted command sets. These operating control mechanisms protect against unauthorized execution, unauthorized modification, and unauthorized reading of SSPs, control and status data. The module was tested on the platforms listed above in section 2.3, Table 4, Tested Operational Environments.

7 Physical Security

The Hewlett Packard Enterprise Aruba OpenSSL Module is a firmware type module and obtains its physical security from the host platform. As per FIPS 140-3 for multiple-chip standalone cryptographic modules at Security Level 1, the host platform consists of production-grade components within a production-grade enclosure. The platforms listed above in section 2.3 meet these requirements.

8 Non-Invasive Security

Since the module has not been purposely designed, built and publicly documented to include non-invasive mitigation techniques, the Non-Invasive Security requirements are not applicable. 20| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 21
9 Sensitive Security Parameter (SSP) Management

The following are the Sensitive Security Parameters (SSPs) used in the module. As specified in the Zeroization column of the following table, the majority of SSPs/Keys used in the module are zeroized implicitly by rebooting the module, indicated implicitly via the successful completion of the module reboot service. The Hewlett Packard Enterprise Aruba OpenSSL Module is one of the components within the ArubaOS firmware package which runs on the host device, thus the module is rebooted when the host device is rebooted. ArubaOS includes CLI commands. As specified in the Zeroization column of the following table, there are a minority of SSPs/Keys used in the module that are stored in the host flash. The host flash can be zeroized explicitly by using the ArubaOS CLI command ‘wipe out flash’ on the host device. Table 15

1 DRBG 512 bits SP800-90A 64 bytes are Import: From N/A Stored in Zeroized by Entropy inputs to the

Entropy Input Rev1 retrieved from the Aruba CPU SDRAM rebooting the DRBG function, used to

2 DRBG Seed 384 bits SP800-90A Generated using Import: N/A N/A Stored in Zeroized by Input to the DRBG that

3 DRBG Key 256 bits SP800-90A Derived from the Import: N/A N/A Stored in Zeroized by This is the DRBG key used

Page 22

Non-Proprietary Key / Security Security Import / Use and # SSP Name / Function and Generation Establishment Storage Zeroization Strength Export Related Keys Type Cert. Number

4 DRBG V 128 bits SP800-90A Derived from the Import: N/A N/A Stored in Zeroized by Internal V value used as

5 Diffie-Hellman 112 bits Diffie-Hellman Generated internally Import: From N/A Stored in Zeroized by Used during the IPSec

Private Key Group 14 in compliance with calling SDRAM rebooting the handshake to establish the

6 Diffie-Hellman 112 bits Diffie-Hellman Generated internally Import: From N/A Stored in Zeroized by Used during the IPSec

Public Key Group 14 in compliance with calling SDRAM rebooting the handshake to establish the

7 Diffie-Hellman 112 bits Diffie-Hellman N/A Import: N/A Established Stored in Zeroized by Used for deriving

Shared Secret Group 14 during Diffie- SDRAM rebooting the IPSec/IKE and SSH Export: To Hellman memory module. cryptographic keys.

8 EC Diffie- Curves: EC Diffie- Generated internally Import: From N/A Stored in Zeroized by Used for establishing EC

Hellman P-256 or Hellman by calling Approved calling SDRAM rebooting the Diffie-Hellman Shared Private Key P-384 DRBG (Cert. application memory module. Secret. Cert. #A2690 #A2690) during EC (plaintext).

Page 23

Non-Proprietary Key / Security Security Import / Use and # SSP Name / Function and Generation Establishment Storage Zeroization Strength Export Related Keys Type Cert. Number

9 EC Diffie- Curves: EC Diffie- Generated internally Import: From N/A Stored in Zeroized by Used for establishing EC

Hellman P-256 or Hellman by calling Approved calling SDRAM rebooting the Diffie-Hellman Shared Public Key P-384 DRBG (Cert. application memory module. Secret. Cert. #A2690 #A2690) during EC (plaintext).

10 EC Diffie- Curves: EC Diffie- N/A Import: N/A Established Stored in Zeroized by Used for deriving

Hellman P-256 or Hellman during EC Diffie- SDRAM rebooting the IPSec/IKE and TLS Shared Secret Export: To Hellman memory module. cryptographic keys. P-384 Cert. #A2690 calling

11 RSA Private 128 bits RSA Private Generated by Import: From N/A Stored in host Zeroized by using Used for IKEv1, TLS,

Key Key calling Approved calling Flash memory ArubaOS Online Certificate Status

12 RSA Public 128 bits RSA Public Generated by Import: From N/A Stored in host Zeroized by using Used for IKEv1, TLS,

Key Key calling Approved calling Flash memory ArubaOS OCSP (signing OCSP

Page 24

Non-Proprietary Key / Security Security Import / Use and # SSP Name / Function and Generation Establishment Storage Zeroization Strength Export Related Keys Type Cert. Number

13 ECDSA Curves: ECDSA Generated by Import: From N/A Stored in host Zeroized by using Used for IKEv1, TLS and

Private Key P-256 or SigGen calling Approved calling Flash memory ArubaOS EAP-TLS peers

14 ECDSA Public Curves: ECDSA Generated by Import: From N/A Stored in host Zeroized by using Used for IKEv1, TLS and

Key P-256 or SigGen calling Approved calling Flash memory ArubaOS EAP-TLS peers

15 IKE Pre- 8 - 64 Shared Secret N/A Import: From N/A Stored in host Zeroized by using Used for IKEv1 peers

Shared Key ASCII or calling Flash memory ArubaOS authentication.

64 HEX Cert. #A2690 application (plaintext). command ‘wipe

16 skeyid 160 / 256 / Shared Secret Derived via key Import: N/A N/A Stored in Zeroized by A shared secret known

135 Rev1 KDF (plaintext) IKEv1 protocol

(IKEv1). implementation. 24| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 25

Non-Proprietary Key / Security Security Import / Use and # SSP Name / Function and Generation Establishment Storage Zeroization Strength Export Related Keys Type Cert. Number

17 skeyid_d 160 / 256 / Shared Secret Derived via key Import: N/A N/A Stored in Zeroized by A shared secret known

135 Rev1 KDF (plaintext) Authentication Key.

18 IKE Session 160 / 256 / HMAC-SHA-1/ Derived via key Import: N/A N/A Stored in Zeroized by The IKE session (IKE

Authentication 384 bits HMAC-SHA2- derivation function SDRAM rebooting the Phase I) authentication Key 256/384 defined in SP800- Export: N/A memory module. key. Used for IKEv1

19 IKE Session 128 / 192 / AES (CBC) Derived via key Import: N/A N/A Stored in Zeroized by The IKE session (IKE

Encryption 256 bits derivation function SDRAM rebooting the Phase I) encrypt key. Used Key Cert. #A2690 defined in SP800- Export: N/A memory module. for IKE payload protection.

20 IPSec Session 128 / 192 / AES (CBC) Derived via key Import: N/A N/A Stored in Zeroized by The IPSec (IKE phase II)

Encryption 256 bits and derivation function SDRAM rebooting the encryption key. Used for Key defined in SP800- Export: N/A memory module. IPSec traffics protection.

128 / 256 AES (GCM)

21 IPSec Session 160 bits HMAC-SHA-1 Derived via key Import: N/A N/A Stored in Zeroized by The IPSec (IKE Phase II)

Authentication derivation function SDRAM rebooting the authentication key. Used Key Cert. #A2690 defined in SP800- Export: To memory module. for IPSec traffics integrity

135 Rev1 KDF calling (plaintext). verification.

22 SSHv2 128 / 192 / AES (CBC) Derived via key Import: N/A N/A Stored in Zeroized by Used for SSHv2 traffics

Session Key 256 bits and derivation function SDRAM rebooting the protection. defined in SP800- Export: N/A memory module.

135 Rev1 KDF (plaintext).

Cert. #A2690 (SSHv2). 25| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 26

Non-Proprietary Key / Security Security Import / Use and # SSP Name / Function and Generation Establishment Storage Zeroization Strength Export Related Keys Type Cert. Number

23 SSHv2 160 bits HMAC-SHA-1 Derived via key Import: N/A N/A Stored in Zeroized by Used for SSHv2 traffics

Session / HMAC- derivation function SDRAM rebooting the protection. Authentication SHA1-96 defined in SP800- Export: N/A memory module. Key 135 Rev1 KDF (plaintext). Cert. #A2690 (SSHv2).

24 TLS Pre- 112 to Shared Secret N/A Import: From DH/ECDH Stored in Zeroized by This key is generated by

Master Secret 8192 bits calling shared secret. SDRAM rebooting the the client and sent across Cert. #A2690 application memory module. to the server (controller),

25 TLS Master 384 bits Shared Secret Derived via key Import: N/A N/A Stored in Zeroized by Used for TLS traffics

Secret derivation function SDRAM rebooting the protection. Cert. #A2690 defined in SP800- Export: To memory module.

135 Rev1 KDF (plaintext).

(TLS). If TLS v1.2, application then uses TLS v1.2 version of KDF that supports RFC7627.

26 TLS Session 128 / 256 AES (CBC) Derived via key Import: N/A N/A Stored in Zeroized by Used for TLS traffics

Encryption bits and derivation function SDRAM rebooting the protection. defined in SP800- Export: N/A memory module. Key AES (GCM)

27 TLS Session 160 / 256 / HMAC-SHA-1/ Derived via key Import: N/A N/A Stored in Zeroized by Used for TLS traffics

Authentication 384 bits HMAC-SHA2- derivation function SDRAM rebooting the integrity verification. 256/384 defined in SP800- Export: To memory module. Key calling

Page 27

Non-Proprietary Key / Security Security Import / Use and # SSP Name / Function and Generation Establishment Storage Zeroization Strength Export Related Keys Type Cert. Number

28 SNMPv3 8-31 ASCII Password N/A Import: From N/A Stored in host Zeroized by using Used for SNMPv3

Authentication characters calling Flash memory ArubaOS authentication. Password Cert. #A2690 application (plaintext). command ‘wipe

29 SNMPv3 128 bits AES (CFB) Derived via key Import: N/A N/A Stored in Zeroized by Used for SNMPv3

Authentication derivation function Export: To SDRAM rebooting the authentication. Key Cert. #A2690 defined in SP800- calling memory module.

30 SNMPv3 10-24 HEX Password N/A Import: From N/A Stored in host Zeroized by using A unique string used to

Engine ID characters calling Flash memory ArubaOS identify the SNMP engine. Cert. #A2690 application (plaintext). command ‘wipe

31 SNMPv3 128 bits AES (CFB) Derived via key Import: N/A N/A Stored in Zeroized by Used for SNMPv3 traffics

Privacy Key derivation function Export: To SDRAM rebooting the protection.

135 Rev1 KDF application (plaintext).

32 SNMPv3 8-31 ASCII Password N/A Import: From N/A Stored in host Zeroized by using A unique string used to

Privacy characters calling Flash memory ArubaOS protect SNMP privacy Protocol Cert. #A2690 application (plaintext). command ‘wipe protocol. Password Export: N/A out flash’ on

Page 28

Non-Proprietary Key / Security Security Import / Use and # SSP Name / Function and Generation Establishment Storage Zeroization Strength Export Related Keys Type Cert. Number

33 WPA2/WPA3 8-63 ASCII Shared Secret N/A Import: From N/A Stored in host Zeroized by using Used for WPA2/WPA3

Pre-Shared or 64 HEX calling Flash memory ArubaOS client/server authentication. Secret characters Cert. #A2690 application (plaintext). command ‘wipe

34 WPA2/WPA3 256 bits Shared Secret N/A Import: From N/A Stored in Zeroized by Used to derive the Pairwise

Pair-Wise calling SDRAM rebooting the Transient Key (PTK) for Master Key Cert. #A2690 application (plaintext). module. WPA2/WPA3 (PMK) communications. Export: N/A

35 WPA2/WPA3 384 bits HMAC-SHA-1 Derived via key Import: N/A N/A Stored in Zeroized by Used to derive the

Pairwise derivation function SDRAM rebooting the WPA2/WPA3 Session Key. Transient Key Cert. #A2690 defined in SP800- Export: To memory module. (PTK) 108 Rev1 and calling (plaintext). SP800-56C Rev2. application

36 WPA2/WPA3 128 bits, AES (CCM) Derived during Import: From N/A Stored in Zeroized by Used as the WPA2/WPA3

Session Key and WPA2/WPA3 4-way calling SDRAM rebooting the Session Key.

37 WPA2/WPA3 256 bits Shared Secret Generated internally Import: N/A N/A Stored in Zeroized by Used to derive

Group Master by calling Approved SDRAM rebooting the WPA2/WPA3 Group Key (GMK) Cert. #A2690 DRBG (Cert. Export: To memory module Transient Key GTK. #A2690). calling (plaintext)

Page 29

Non-Proprietary Key / Security Security Import / Use and # SSP Name / Function and Generation Establishment Storage Zeroization Strength Export Related Keys Type Cert. Number

38 WPA2/WPA3 256 bits AES (CCM) N/A Import: N/A Derived from Stored in Zeroized by The GTK is the

Group and WPA2/WPA3 SDRAM rebooting the WPA2/WPA3 session key Transient Key Export: To GMK by using memory module used for broadcast AES (GCM) calling (GTK) the KDF defined (plaintext) communications protection. Cert. #A2690 application in SP800-108

Page 30
9.1 Non-Deterministic Random Number Generation Specification

Table 16

Page 31
10 Self-Tests

The module performs when powered on the Cryptographic Algorithm Self-Tests (CASTs) and Pre-Operational Self-Tests (POSTs). While the module is executing the cryptographic algorithm and pre-operational self-tests, services are not available, and input and output are inhibited. In addition, the module also performs Conditional self-tests. All cryptographic algorithm self-tests are run when the module is powered on, prior to the first operational use of the cryptographic algorithm. After the cryptographic algorithm, pre-operational, and conditional self-tests are passed successfully, the module transitions to the operational state. When a cryptographic algorithm self-test or pre-operational self-test fails, or when a conditional self-test fails, the module enters the Critical Error state (while in this state, the module provides no functionality and inhibits data output), logs the error, and reboots automatically. The Hewlett Packard Enterprise Aruba OpenSSL Module performs the following Pre-Operational Self-Tests (POSTs): Table 17

Page 32

Non-Proprietary Algorithm Test Properties Type Details Condition HMAC HMAC-SHA-1, HMAC-SHA2-256, KAT HMAC-SHA2-384, HMAC-SHA2-512 KAS-SSC-ECC Primitive ‘Z’ computation with P-256 curve KAT Ephemeral Unified SP 800-56A Rev3 based KAS-SSC-FFC Shared secret computation, p=2048, KAT dhEphem SP 800-56A Rev3 based q=256 Each run when module KDA Two-step KDF: HMAC-SHA-1, L=2048 KAT SP 800-56C Rev2 based powered on, which is prior to the first KBKDF HMAC-SHA-1, HMAC-SHA2-256, KAT SP 800-108 Rev1 based key derivation operational use of the HMAC-SHA2-384 cryptographic algorithms KDF135 HMAC-SHA-1 KAT SP 800-135 Rev1 based key derivation: IKEv1, TLS, SSH, SNMP RSA 2048, PKCS#1-v1.5 KAT Sign, Verify SHS SHA-1, SHA-256, SHA-384, SHA-512 KAT Table 19

5.6.2.1.4 for PCT

RSA key pairs 2048, PKCS#1-v1.5 PCT Sign, Verify Self-Test Types: KAT = Known Answer Test, PCT = Pairwise Consistency Test 32| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 33

Non-Proprietary To see the results of the self-tests run by the module, use the ArubaOS CLI command on the host device: show log crypto all Upon successful completion of the power-up self-tests, the module displays results on the host device console: Completed OpenSSL FIPS KAT test successfully. In the event any self-test fails, the module will enter a Critical Error state (while in this state, the module provides no functionality and inhibits data output), logs the error, and reboots automatically. After a self-test failure, the module displays on the host device console: FIPS POST: FAIL Rebooting… When the firmware integrity test fails at power-up, the module enters the Critical Error state, where the invalid host ArubaOS firmware file is deleted to clear the error. The host device will automatically reboot from the backup ArubaOS image on the secondary partition. The module displays on the host device console: FATAL FIPS SELFTEST FAILURE Rebooting… 33| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 34
11 Life-Cycle Assurance

The Hewlett Packard Enterprise Aruba OpenSSL Module is a firmware type module, and must run on an Hewlett Packard Enterprise hardware unit (e.g., Controller, Gateway, Conductor, or Access Point) or virtual appliance (e.g., VMWare ESXi or open source KVM hypervisor running on a hardware server unit (e.g., HPE ProLiant ML110 Gen10 or HPE EdgeLine 20)). ArubaOS is the operating system for Hewlett Packard Enterprise Mobility Conductors, Mobility Controllers/Gateways, and controller-managed Hewlett Packard Enterprise Access Points (APs). The Hewlett Packard Enterprise Aruba OpenSSL Module (firmware) is one of the Hewlett Packard Enterprise cryptographic modules that provide cryptographic services for the host ArubaOS operating system running on the Hewlett Packard Enterprise hardware-based equipment or Hewlett Packard Enterprise virtual appliances.

11.1 Start-up Procedures

The Hewlett Packard Enterprise Aruba OpenSSL Module is one of the components within the ArubaOS firmware package in electronic form and is installed automatically when a trusted and verified ArubaOS is booted on an Hewlett Packard Enterprise host device. ArubaOS firmware in electronic form is installed by Hewlett Packard Enterprise technical support personnel or downloaded from the HPE Networking Support Portal (NSP) by authenticated licensed customer personnel.

11.1.1 Setting Up the Hewlett Packard Enterprise Controller, Gateway, Conductor, or

Controller-managed Access Point (AP) and Running Hewlett Packard Enterprise Aruba OpenSSL Module Automatically The Crypto Officer shall perform the following steps to set-up the Hewlett Packard Enterprise Controller, Gateway, Conductor, or controller-managed Access Point (AP) either as a host hardware unit or a virtual appliance:

  1. Since the Hewlett Packard Enterprise Aruba OpenSSL Module firmware is a component of ArubaOS and is installed automatically when a trusted and verified ArubaOS firmware image is booted successfully on the Hewlett Packard Enterprise host device, the Crypto Officer (CO) shall review the ArubaOS 8.10 Getting Started Guide, ArubaOS 8.10.0.x AP Software Quick Start Guide, and ArubaOS 8.10 Virtual Appliance Installation Guide. Select the Hewlett Packard Enterprise host device running ArubaOS deployment scenario that best fits your installation and follow the scenario’s deployment procedures.
  2. Connect your PC or workstation to a line port (or virtual port mapped to the module interface) on the Hewlett Packard Enterprise Controller, Gateway, Conductor, or controller-managed Access Point (AP).
  3. Enable power to the Hewlett Packard Enterprise Controller, Gateway, Conductor, or controllermanaged Access Point (AP).
  4. Monitor the Hewlett Packard Enterprise host device boot progress messages on the console.
  5. Once ArubaOS is loaded successfully and operating normally on the Hewlett Packard Enterprise host device, check the console messages to make sure that all the power-up self-tests passed. a. Check that the following console message is displayed: Completed OpenSSL FIPS KAT test successfully. b. As specified in the Self-Tests section, if any of the checks fail, error messages will be displayed on the console. If the errors persist after the Hewlett Packard Enterprise device is rebooted, contact Hewlett Packard Enterprise.
  6. Enable the Approved mode with the ArubaOS CLI on the host. a. Login to the Hewlett Packard Enterprise Controller, Gateway, or Conductor following the guidance from step 1. above (a controller-managed Access Point (AP) is placed in the Approved mode using a Staging Controller in the Approved mode as per the Aruba AP Software Quick Start Guide). 34| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy
Page 35

Non-Proprietary b. Enable the Approved mode using the following ArubaOS CLI commands on the host: #configure terminal Enter Configuration commands, one per line. End with CNTL/Z (config) #fips enable (config) #exit #write memory Saving Configuration... Configuration Saved. c. To verify the Approved mode has been enabled, issue the ArubaOS CLI command on the host: show fips to see: FIPS Settings: Mode Enabled

11.2 Full Documentation

Documentation for any Hewlett Packard Enterprise product can be found on the HPE Networking Support Portal (NSP). Filters can be used to limit the displayed results by Product(s), Product Series, Version(s), and File Category. For example,

11.2.1 Related Hewlett Packard Enterprise Documents

The following Hewlett Packard Enterprise documents can be referenced to ensure that ArubaOS and the Hewlett Packard Enterprise hardware-based equipment or Hewlett Packard Enterprise virtual appliances that run ArubaOS are installed and operated correctly in the Approved mode:

11.2.2 Administrator Guidance

The Crypto Officer must ensure that the module is kept in the Approved mode of operation. To keep the module in the Approved mode, abide by section 11.1, Start-up Procedures, section 2.9, Non-Approved Algorithms Not Allowed in the Approved Mode of Operation, and section 4.3.2, Non-Approved Services.

11.2.3 Non-Administrator Guidance
11.2.4 Maintenance Requirements

Not Applicable (N/A) 35| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy

Page 36
11.3 End of Life

To determine if an Hewlett Packard Enterprise product is considered end of life, refer to the Hewlett Packard Enterprise end-of life information at https://networkingsupport.hpe.com/end-of-life. If an Hewlett Packard Enterprise product is deemed end-of-life, the CO should work with their Hewlett Packard Enterprise representative to determine the appropriate Hewlett Packard Enterprise product upgrade path to use a newer Approved version. For secure sanitization and zeroization of SSP values, the CO should follow the guidance in the Zeroization service entry above in Table 13, Approved Services to wipe out host flash and reboot the module. Since the module is a component of ArubaOS, if the module is deprecated, the module will be upgraded to a newer Approved validated version by loading and booting a newer validated version of ArubaOS with the help of an Hewlett Packard Enterprise-Certified Mobility Professional (ACMP).

12 Mitigation of Other Attacks

The module has not been purposely designed, built and publicly documented to mitigate one or more specific attacks. The Mitigation of Other Attacks requirements are not applicable, per FIPS 140-3 IG 12.A. 36| Hewlett Packard Enterprise Aruba OpenSSL Module Firmware Version 1.0 FIPS 140-3 Level 1 Security Policy