Re: OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?

On 12/04/2015 03:26 AM, security veteran wrote:
> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to
> make it FIPS compliant?
>
> 4. Are the RedHat OpenSSH FIPS modules (
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf)
> also open sourced to the OpenSSH community?

Yes, what we ship in RHEL is open-source. You can pick up the sources that are actually used in the RHEL version in the CentOS repository:
https://git.centos.org/summary/?r=rpms/openssh

So, as said before, upstream openssh is not FIPS-140 ready and we carry the patches downstream. I am not sure if there was an initiative to provide patches upstream or if there would be some interest in them here, since it is quite a special use case.

--
Jakub Jelen
Security Technologies
Red Hat

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


