Re: Status of OpenSSL 1.1 support

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hello Sebastian,

Sebastian Andrzej Siewior wrote:
Hi,

more or less a year ago Kurt Roeckx provided an initial port towards the
OpenSSL 1.1 API [0]. [SNIP]

You could use PKIX-SSH - http://roumenpetrov.info/secsh/ .

Recent version 11.0, offers "forward" compatibility with OpenSSL, i.e. supports "STORE"-API that will be in 1.1.1. PKIX-SSH offers compatibility even with alpha versions of OpenSSL 1.1 API - for instance PKIX-SSH 8.7 works with 1.1.0-pre1 and 1.1.0-pre2 ( http://roumenpetrov.info.example.net/secsh/index-20160310.html#news20160116 ) .
Ancient versions of OpenSSL cryptographic library are supported as well.
PKIX-SSH works fine with specific library builds like FIPS enabled or Kerberos enabled.

Also you could build PKIX-SSH with openssl compatible libraries but be careful with X.509 algorithms - as some OpenSSL CVE defects may be are not fixed yet into compatible libraries.

You could find prebuild binaries for Android devices packaged into SecureBox .

Sebastian

Regards,
Roumen Petrov


--
Secure shell with X.509 certificate support
http://roumenpetrov.info/secsh/

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux