This section lists the algorithms that can be used in FIPS 140-2 mode and the algorithms that should be avoided.
To ensure that a consumer of the Cryptographic Framework is using a FIPS 140-2 validated algorithm, choose an algorithm from the following summary of validated algorithms, modes, and key lengths.
For the definitive lists of algorithms, review the security policy references in FIPS 140-2 Level 1 Guidance Documents for Oracle Solaris Systems.
AES – With the following modes and key lengths only:
CBC mode – 128-bit, 192-bit, and 256-bit key lengths
CCM mode – 128-bit, 192-bit, and 256-bit key lengths
CFB mode – 128-bit key length
CTR mode – 128-bit, 192-bit, and 256-bit key lengths
ECB mode – 128-bit, 192-bit, and 256-bit key lengths
GCM mode – 128-bit, 192-bit, and 256-bit key lengths
XTS mode – 256-bit and 512-bit key lengths, for storage only
3DES – In CBC and ECB modes for keying option 1.
Diffie-Hellman – Used in key agreement, in 2048-bit to 5012-bit key lengths, userland Cryptographic Framework only.
Elliptic-Curve Diffie-Hellman (ECDH) – Allowed for use in key agreement in 2048-bit to 5012-bit key lengths, userland Cryptographic Framework only.
DSA – 2048-bit key length and longer.
ECC – With the following curves only. ECC contributes to ECDSA and ECDH. The first name is the NIST name; the second name is its equivalent in Oracle Solaris.
P-192 – secp192r1
P-224 – secp224r1
P-256 – secp256r1
P-384 – secp384r1
P-521 – secp521r1
B-163 – sect163r2
B-233 – sect233r1
B-283 – sect283r1
B-409 – sect409r1
B-571 – sect571r1
K-163 – sect163k1
K-233 – sect233k1
K-283 – sect283k1
K-409 – sect409k1
K-571 – sect571k1
HMAC SHA1 – Has no variants.
HMAC SHA2 – 224-bit to 512-bit key lengths.
ECDSA SHA1 – Signature verification.
ECDSA SHA2 – Key generation and signature generation and verification.
RSA – 2048-bit key length and longer, with SHA1, and SHA2 with 256-bit to 512-bit key lengths.
SHA1 – Has no variants.
SHA2 – 224-bit to 512-bit key lengths.
SHA512/224 – A truncated version of SHA512, where the initial values are generated by using the method described in Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4 (https://csrc.nist.gov/publications/detail/itl-bulletin/2012/05/secure-hash-standard-updated-specifications-approved-and-issued/final).
SHA512/256 – A truncated version of SHA512, where the initial values are generated by using the method described in Secure Hash Standard: Updated Specifications Approved and Issued as Federal Information Processing Standard (FIPS) 180-4.
swrand – Software entropy source in the kernel Cryptographic Framework. Both kernel and userland have a NIST-approved DRBG (Deterministic Random Bit Generator). See Recommendation for Random Number Generation Using Deterministic Random Bit Generators (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf).
intelrd – Hardware entropy source in the kernel Cryptographic Framework. Both kernel and userland have a NIST-approved DRBG (Deterministic Random Bit Generator). See Recommendation for Random Number Generation Using Deterministic Random Bit Generators.
The following algorithms with specified key lengths are allowed in a FIPS 140-2 configuration:
RSA key wrapping – Key lengths longer than 112 bits are allowed.
Diffie-Hellman key agreement – Key lengths longer than 112 bits are allowed, userland Cryptographic Framework only.
Elliptic Curve Diffie-Hellman (ECDH) key agreement – Key lengths longer than 112 bits are allowed, userland Cryptographic Framework only.
In FIPS 140-2 mode, you cannot use an algorithm from the following summarized list of algorithms even if the algorithm is implemented in the Cryptographic Framework or is a FIPS 140-2 validated algorithm for another provider.
For the definitive lists of algorithms, review the security policy references in FIPS 140-2 Level 1 Guidance Documents for Oracle Solaris Systems.
Two-key Triple-DES – A weak algorithm that provides only 80 bits of security.
MD5 and HMAC MD5 – Message Digest Algorithm 5 can be used in FIPS 140-2 mode with TLS only.
The MD5 algorithm, developed by Ron Rivest in 1991, produces a 128-bit hash value. MD5 is commonly used to verify data integrity. MD5 is not suitable for applications like SSL certificates or digital signatures that rely on collision resistance for digital security.
RC4 – Also known as ARCFOUR or ARC4, RC4 is a software stream cipher that is used in Transport Layer Security (TLS) to protect Internet traffic, and in WEP to secure wireless networks. RC4 is demonstrably vulnerable when the beginning of the output keystream is not discarded or when keys are not random.
AES – Modes not explicitly validated, such as XCBC-MAC, XCBC-MAC-96, CMAC, and CTS.
Blowfish – A symmetric key block cipher, designed in 1993 by Bruce Schneier, that is not proprietary.
Camellia – Developed in Japan, Camellia is comparable to AES and is designed to be suitable for both software and hardware implementations, from low-cost smart cards to high-speed network systems.
DES – Data Encryption Standard, developed by IBM, was published as a U.S. Federal Information Processing Standard (FIPS) in 1977. In today's computing environment, its 56-bit key length is weak.
DSA key generation – The 512-bit and 1024-bit key lengths are weak. Longer key lengths are validated for userland Cryptographic Framework only.
DSA signature generation – The 512-bit and 1024-bit key lengths are weak. Longer key lengths are validated for userland Cryptographic Framework only.
DSA signature verification – The 512-bit key length is weak. Longer key lengths are validated for userland Cryptographic Framework only.
SHA3 – All variants.
RSA key wrapping – The key lengths less than 112 bits are weak. Longer key lengths are allowed for FIPS 140-2.
RSA signature generation – The 256-bit, 512-bit, and 1024-bit key lengths are weak. Longer key lengths are validated for FIPS 140-2.
RSA signature verification – The 256-bit and 512-bit key lengths are weak. Longer key lengths are validated for FIPS 140-2.
Diffie-Hellman – Key lengths less than 112 bits are weak. Longer key lengths are allowed for key agreement, userland Cryptographic Framework only.
ECDH – Key lengths less than 112 bits are weak. Longer key lengths are allowed for key agreement, userland Cryptographic Framework only.
The security policies in the following table provide a complete list of cryptographic mechanisms that are validated to run in FIPS 140-2 mode on Oracle Solaris.
Table 1 FIPS 140-2 Certificates and Security Policies for Provider Modules in Oracle Solaris

The following FIPS 140-2 standard document and transitions document provide guidance about the FIPS 140-2 process and deprecated or restricted algorithms and their weaker variants: