My office is working with government contracts, and it appears that they are wanting FIPS enabled OpenSSL and OpenSSH is coming in the next year. We have been able to compile OpenSSL to create the container, but all the diffs to enable FIPS 140-2 in OpenSSH are for 5.3p1. Will the diffs from:

https://bugzilla.mindrot.org/attachment.cgi?id=1789&action=edit

build in 5.4p1 with a little find/replace version magic? Any chance that this will show up in the OpenBSD snaps, as I just found out you have PKI integration.

Thank you
Bryan Brake

Bryan wrote:
> My office is working with government contracts, and it appears that they
> are wanting FIPS enabled OpenSSL and OpenSSH is coming in the next year.
> We have been able to compile OpenSSL to create the container, but all
> the diffs to enable FIPS 140-2 in OpenSSH are for 5.3p1. Will the diffs
> from:
>
> https://bugzilla.mindrot.org/attachment.cgi?id=1789&action=edit
>
> build in 5.4p1 with a little find/replace version magic? Any chance that
> this will show up in the OpenBSD snaps, as I just found out you have PKI
> integration.

No, OpenSSH doesn't support PKI.

> Thank you
> Bryan Brake

Roumen

--
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/