Get Image
The SUSE Linux Enterprise 15 SP3 LTSS FIPS-140-2 container image
Description
This SUSE Linux Enterprise 15 SP3 LTSS-based container image includes the SLES 15 FIPS-140-2 certified OpenSSL and libgcrypt modules. The image is designed to run on a FIPS-140-2 compliant SUSE Linux Enterprise Server 15 SP3 host environment. Although it is configured to enforce FIPS mode, the FIPS certification requires a host kernel in FIPS mode to be fully compliant.
The FIPS-140-2 certified OpenSSL module is a cryptographic module that provides a FIPS-140-2 compliant cryptographic library. The module is certified by the National Institute of Standards and Technology (NIST).
The FIPS-140-2 certified OpenSSL module is a drop-in replacement for the standard OpenSSL library. It provides the same functionality as the standard OpenSSL library, with additional security features to meet the FIPS-140-2 requirements.
Similarly, the FIPS-140-2 certified libgcrypt module is a drop-in replacement for the standard libgcrypt library. It provides the same functionality as the standard libgcrypt library, with the additional security features enforced to meet FIPS-140-2 requirements.
Usage
The image is configured to enforce the use of FIPS mode by default, independent of the host environment setup by specifying the following environment variables:
OPENSSL_FIPS=1
: Initialize the OpenSSL FIPS modeOPENSSL_FORCE_FIPS_MODE=1
: Set FIPS mode to enforcing independent of the host kernelLIBGCRYPT_FORCE_FIPS_MODE=1
: Set FIPS mode in libgcrypt to enforcing
Below is a list of other environment variables that can be used to configure the OpenSSL library:
OPENSSL_ENFORCE_MODULUS_BITS=1
: Restrict the OpenSSL module to only generate the acceptable key sizes of RSA. ## Accessing the container image
Accessing this container image requires a valid SUSE subscription. In order to access the container image, you must login to the SUSE Registry with your credentials. There are three ways to do that which are described below. The first two methods leverage the system registration of your host system, while the third method requires you to obtain the organisation SCC mirroring credentials.
Use the system registration of your host system
If the host system you are using to build or run a container is already registered with the correct subscription required for accessing the LTSS container images, you can use the registration information from the host to log in to the registry.
The file /etc/zypp/credentials.d/SCCcredentials
contains a username and a password.
These credentials allow you to access any container that is available under the
subscription of the respective host system. You can use these credentials to log
in to SUSE Registry using the following commands
(use the leading space before the echo command to avoid storing the credentials in the
shell history):
set +o history
echo PASSWORD | podman login -u USERNAME --password-stdin registry.suse.com
set -o history
Use a separate SUSE Customer Center registration code
If the host system is not registered with SUSE Customer Center, you can use a valid SUSE Customer Center registration code to log in to the registry:
set +o history
echo SCC_REGISTRATION_CODE | podman login -u "regcode" --password-stdin registry.suse.com
set -o history
The user parameter in this case is the verbatim string regcode
, and
SCC_REGISTRATION_CODE
is the actual registration code obtained from SUSE.
Use the organization mirroring credentials
You can also use the organization mirroring credentials to log in to the SUSE Registry:
set +o history
echo SCC_MIRRORING_PASSWORD | podman login -u "SCC_MIRRORING_USER" --password-stdin registry.suse.com
set -o history
These credentials give you access to all subscriptions the organization owns, including those related to container images in the SUSE Registry. The credentials are highly privileged and should be preferably used for a private mirroring registry only.
Licensing
SPDX-License-Identifier: MIT
This documentation and the build recipe are licensed as MIT. The container itself contains various software components under various open source licenses listed in the associated Software Bill of Materials (SBOM).
This image is based on SUSE Linux Enterprise Server, a reliable, secure, and scalable server operating system built to power mission-critical workloads in physical and virtual environments.
-
Image Data
Last Built: 11 Dec 15:25 UTC
Compressed Size: 49.1 MB
Uncompressed Size: 127.5 MB
Support Level: L3
Supported until: 31 Dec 2025
-
-
Health Index
F3:C14:H30:M3:L0:ULast Scan:
about 23 hours ago