On Sun, Mar 12, 2023 at 2:48 AM Damien Miller <djm@xxxxxxxxxxx> wrote:
>
> On Fri, 10 Mar 2023, Joel GUITTET wrote:
>
> > Hi,
> > We currently work on a project that requires SSH server with FIPS and using OpenSSL v3.
> > Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side?
>
> Patching OpenSSH for what exactly? OpenSSH builds just fine using OpenSSL 3.x
> and indeed it is tested constantly via our github test infrastructure (e.g.
> https://github.com/openssh/openssh-portable/actions/runs/4381500619/jobs/7669643412)

If OpenSSH doesn't rely on OpenSSL deprecated functions in crypto operations, it will be fips-compatible when used with properly configured OpenSSL. We in Red Hat are working on the minimal patch to provide it.

Also it's necessary to use combined methods for Digest + Signature/Verification.

--
Dmitry Belyavskiy
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev