A cryptographic module is a set of hardware, software, or firmware that implements security functions. ESXi uses several FIPS 140-2 validated cryptographic modules.
The following table shows the set of FIPS 140-2 validated cryptographic modules in use by ESXi.
| Cryptographic Module | Version | Algorithms (CAVP) | Certificate Number |
|---|---|---|---|
| VMkernel Cryptographic Module | 2.0 | AES-CBC, AES-CBC-CS3, AES-CTR, AES-ECB, AES-GCM, AES-XTS Testing Revision 2.0, Counter DRBG, HMAC-SHA-1, HMAC-SHA2-256, HMAC-SHA2-512, SHA-1, SHA2-256, SHA2-512 (A2792) | Certificate in progress |
| OpenSSL FIPS Object Module | 3.0 | AES, CKG, CVL, DRBG, DSA, ECDSA, HMAC, KAS-RSA-SSC, KAS-SSC, KBKDF, KDA, KMAC, KTS, KTS-RSA, PBKDF, RSA, SHA-3, SHS, Triple-DES (A1938) | Certificate #4282 |
| VMware OpenSSL FIPS Object Module | 2.0.20-vmw | AES, CKG, /drbg, DSA, ECDSA, HMAC, KAS-SSC, RSA, SHS, Triple-DES (C470) | Certificate #3857 |
| VMware's ESXboot Cryptographic Module | 1.0 | HMAC-SHA2-224, RSA SigVer (FIPS186-4), SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Certificate #4442 |
| VMware's Boring Crypto Module | 6.0 | AES, CVL, DRBG, ECDSA, HMAC, KAS, KAS-SSC, KTS, RSA, SHS, Triple-DES (A4970) | Certificate #4694 |
