Hi,

We currently work on a project that requires an SSH server with FIPS and using OpenSSL v3. Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side? Is it currently a work in progress by somebody else as far as you know? Or something that has been partially done and aborted in the past, that could be relevant?

We just started considering making this and sending the patch, but we are speaking of thousands of lines probably. What will be the perception of this on your side?

Thanks,
Joel
Hi Joel,

Joel GUITTET wrote:
> Hi,
> We currently work on a project that requires an SSH server with FIPS and using OpenSSL v3.

There is no way to work with OpenSSL v3 due to many reasons.

If you like to get a FIPS capable secsh implementation compatible with OpenSSL FIPS validated modules 1.2 and 2.0, RedHat ES, or Oracle Solaris you could use PKIX-SSH.

Regards,
Roumen Petrov

--
Advanced secure shell implementation with X.509 certificate support
http://roumenpetrov.info/secsh/
On Fri, 10 Mar 2023, Joel GUITTET wrote:
> Hi,
> We currently work on a project that requires an SSH server with FIPS and using OpenSSL v3.
> Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side?

Patching OpenSSH for what exactly? OpenSSH builds just fine using OpenSSL 3.x and indeed it is tested constantly via our github test infrastructure (e.g. https://github.com/openssh/openssh-portable/actions/runs/4381500619/jobs/7669643412)