Re: Open SSH and FIPS 140-2

Are you sure that is true? Where in that doc does it say a product or the crypto part of the product inherits FIPS certification if you compile it correctly?

I'm pretty sure our products with open source code still go to a lab to be FIPS certified. Can't see how you can get a FIPS certificate without being formally tested. Your product might run FIPS certified code but it won't be FIPS certified.

At 11:49 AM 11/10/2010, AMuse wrote:

>Paul: When you compile OpenSSH against OpenSSL in FIPS mode, your OpenSSH will inherit the FIPS 140-2 certification which applies to OpenSSL.
>
>More info here:  http://www.openssl.org/docs/fips/UserGuide-1.2.pdf
>
>On 11/10/10 8:32 AM, Hrolenok, Paul wrote:
>>I have an application where I have to implement SFTP file transfers with FIPS 140-2 certified encryption.
>>I've been trying to find out if I can use Open SSH for this or if I have to buy a commercial solution.
>>Essentially I have two questions.
>>
>>1) Can I compile Open SSH from source using the Open SSL Fips sources and "inherit" the Fips certification?
>>2) Has anybody compiled Open SSH using the Fips Open SSL sources and can they give me any pointers on how to do that?
>>
>>Any data on the difficulty or time involved would be appreciated since I have to justify the final decision to
>>my $BOSS.  I would be doing this on a Sun SPARC system running Solaris 10.  I have access to both gcc and the
>>Sun Workshop compilers and would appreciate any insight on either or both.
>>
>>TIA
>>Paul
>>
>>Paul S. Hrolenok
>>Senior Consultant
>>ID Services Group
>>http://www.intelligent.net
>>Recognized on Washingtonian Magazine's 50 Great Places to Work list - 2009
