On 12/04/2015 03:26 AM, security veteran wrote:
> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to
> make it FIPS compliant?
> 4. Are the RedHat OpenSSH FIPS modules (
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf)
> also open sourced to the OpenSSH community?
Yes, what we ship in RHEL is open-source. You can pick up the sources that
are actually used in the RHEL version in the CentOS repository:
https://git.centos.org/summary/?r=rpms/openssh
So as said before, upstream openssh is not FIPS-140 ready and we carry
the patches downstream. I am not sure if there was an initiative to provide
patches upstream or if there would be some interest in them here, since
it is quite a special use case.
--
Jakub Jelen
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev