Alternate Open Source Crypto Solution in OpenSSH


 



Hello OpenSSH Developers and Community,



wolfSSL (formerly known as CyaSSL) is a dual licensed SSL/TLS
implementation specializing in the embedded space. As we have grown we are
being used in larger systems due to our reduced resource consumption on a
per-session basis. Many have found that their servers are able to service
more connections by replacing OpenSSL with wolfSSL.

Our engineers have recently completed a port to OpenSSH. This port rips
OpenSSL out of OpenSSH and inserts wolfSSL in its place.



So why would you care about OpenSSL or wolfSSL, what does it really matter
anyway?



1. wolfSSL offers a pluggable Federal Information Processing Standard
(FIPS 140-2) certified crypto library.

   a. Read more about FIPS in wolfSSL
   <https://wolfssl.com/wolfSSL/fips.html>.

   b. See our FIPS certification.
   <http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2425>

2. OpenSSL has suffered over the past few years with too many
contributions from a variety of sources. The lack of testing and
verification of each submission to OpenSSL has resulted in numerous
security vulnerabilities.

3. We are very selective about who can submit code to our libraries and
each commit is tested extensively to ensure the best security is always
provided for our customers.

4. We would like to provide consumers of OpenSSH with an alternate
crypto solution.



We have actively been testing our port on Linux and Mac OS X.

If this is something that interests you, we would like to formally extend
an invitation to test our port on the OS you use, and provide
feedback/suggestions on your results.



Thank you for your time.

Details on getting a copy of our port, the wolfSSL libraries, and feedback
channels can be found below.




OpenSSH port Location: https://github.com/kaleb-himes/openssh-portable.git



wolfSSL Location: https://github.com/wolfSSL/wolfssl.git

or download from our website:
https://wolfssl.com/wolfSSL/download/downloadForm.php



From your terminal:

git clone https://github.com/kaleb-himes/openssh-portable.git
git clone https://github.com/kaleb-himes/wolfssl.git

cd wolfssl
./autogen.sh
./configure --prefix=/usr/local/lib --enable-openssh && make && sudo make install

cd ..
cd openssh-portable
autoreconf
./configure --with-wolfssl=/usr/local/lib --with-pam && make && make tests

Our Jenkins server is now using this port to actively check out changes from
GitHub and is also running all slave nodes using SSH with this port. This
provides us with some real-world testing in addition to the unit tests.

Feedback can be sent to: info@xxxxxxxxxxx or support@xxxxxxxxxxx



Additional Feedback Avenue: http://www.wolfssl.com/forums/



Sources:

"Portable OpenSSH." www.openssh.com. Accessed December 31, 2015.
http://www.openssh.com/portable.html.



Kaleb Himes

www.wolfssl.com

kaleb@xxxxxxxxxxx

Skype: kaleb.himes

+1 406 381 9556
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


