search for: 140sp1791

...ions are: 1. Does OpenSSH support FIPS mode? 2. Or does OpenSSH support with OpenSSL FIPS modules? 3. Is there a way to re-compile OpenSSH by turning on/off some flags to make it FIPS complaint? 4. Does the RedHat OpenSSH FIPS modules ( http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) also open sourced to the OpenSSH community? Thanks.

...> On 12/04/2015 03:26 AM, security veteran wrote: > >> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to >> make it FIPS complaint? >> >> 4. Does the RedHat OpenSSH FIPS modules ( >> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) >> also open sourced to the OpenSSH community? >> > Yes, what we ship in RHEL is open-source. You can pick up sources that are > actually used in RHEL version in CentOS repository: > https://git.centos.org/summary/?r=rpms/openssh > > So as said before, upstream opens...

...does OpenSSH support with OpenSSL FIPS modules? >> >> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to >> make it FIPS complaint? >> >> 4. Does the RedHat OpenSSH FIPS modules ( >> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) >> also open sourced to the OpenSSH community? >> >> Redhat use different FIPS validation process for OpenSSL. You could > extract fips patch from source package. > Impact is not only for source code. Build process has to be updated as > well. Red Hat is based on &qu...