Hi Jakub,

Another question I have is, are any changes in this patch RedHat Linux distribution specific? The reason I ask is, if I port the changes to other Linux distributions like Debian or Ubuntu, do you see any issues?

Thanks.

On Fri, Dec 4, 2015 at 12:58 PM, security veteran <security.veteran@xxxxxxxxx> wrote:

> Thanks Jakub.
>
> How does this patch match the OpenSSH source version? Is the patch only
> applicable to OpenSSH version 6.6.1, or are other versions available as
> well?
>
> Thanks.
>
> On Fri, Dec 4, 2015 at 4:26 AM, Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
>
>> On 12/04/2015 03:26 AM, security veteran wrote:
>>
>>> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to
>>> make it FIPS compliant?
>>>
>>> 4. Are the RedHat OpenSSH FIPS modules (
>>> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf
>>> )
>>> also open sourced to the OpenSSH community?
>>>
>> Yes, what we ship in RHEL is open-source. You can pick up the sources that
>> are actually used in the RHEL version in the CentOS repository:
>> https://git.centos.org/summary/?r=rpms/openssh
>>
>> So as said before, upstream openssh is not FIPS-140 ready and we carry
>> the patches downstream. I am not sure if there was an initiative to provide
>> patches upstream or if there would be some interest in them here, since it
>> is quite a special use case.
>>
>> --
>> Jakub Jelen
>> Security Technologies
>> Red Hat

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev