Re: Alternate Open Source Crypto Solution in OpenSSH

On Mon 2016-01-04 20:35:05 -0500, Bostjan Skufca wrote:

> Would it make sense to refactor (if it is not done yet) openssh to use
> generic API for communicating with any SSL implementation? Or is the
> general stance on this subject "the new SSL implementation should provide
> openssl-compatible API to be usable with openssh"?

OpenSSH doesn't use any of the "SSL" (or TLS) features of OpenSSL.  It
just uses it for its library of cryptoprimitives.  There have been
several mentions of possibly swapping out crypto libraries in the past
(a few in the last few months iirc), but it is currently not designed
with such a platform-independent crypto-primitive API in mind.

Damien, you said you're uninterested in linking to a GPL library -- is
OpenSSH policy the same for LGPL libraries as well? (i'm thinking of
nettle, which is licensed LGPL-2.1+, and has a very nice API for
cryptoprimitives)

     --dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


