Displaying 20 results from an estimated 1000 matches similar to: "Is there any plan for OpenSSH to support FIPS?"
2008 Jun 12
2
FIPS mode OpenSSH suggestion
Hi OpenSSH team,
I found a URL, http://www.gossamer-threads.com/lists/openssh/dev/42808?do=post_view_threaded#42808, which provides an unofficial patch for FIPS Capable OpenSSH. I tried it and it seems to work for some cases.
(BTW, I also find that aes128-ctr, aes192-ctr and aes256-ctr ciphers can't work in FIPS mode properly.
The fips mode sshd debug info is as follows.
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,
2006 Apr 15
2
OpenSSH fips compliance
Hello All,
I'm using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now
that a fips certified OpenSSL is now available at
http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of
any patches applicable for OpenSSH versions to make it fips compliant. Is
there any idea for OpenSSH core team to make OpenSSH as fips compliant? What
amount of work it needs at this
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
>Lets assume that application use OpenSSL FIPS validated module. FIPS mode
is activated in openssl command if environment variable OPENSSL_FIPS is
set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS
mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode.
Did you mean the FIPS patched OpenSSH server and client (such as
ssh-keygen) always
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
I have a few more questions below:
1. What version of OpenSSH can the patch be applied to? What branch should
I check out the patch?
2.
>Impact is not only for source code. Build process has to be updated as
well. Red Hat is based on "fipscheck".
What build process should be changed? What is fipscheck?
3. My understanding any application (such as OpenSSH) which need
2013 Oct 31
0
Older ssh clients can't connect to sshd (6.3p1) built using FIPS object module 2.0.5
Hi,
ssh server: OpenSSH_6.3-FIPS, OpenSSL FIPS Object Module v2.0.5
ssh client: OpenSSH_5.3p1, OpenSSL FIPS Object Module v1.2
We have built and installed FIPS object module (v2.0.5) using
http://www.openssl.org/source/openssl-fips-2.0.5.tar.gz
Using this FIPS object module, we have built FIPS capable openssl as well.
Note that we have "not" used ecp version (with binary curve
2011 Sep 25
0
sshd 5.6p1 does not accept connections in fips mode
Hi,
I was trying to run sshd after applying the fips patches mentioned in
http://www.gossamer-threads.com/lists/engine?do=post_attachment;postatt_id=1835;list=openssh
but for some reason sshd refuses to accept the connection. I guess I do
something terribly wrong. Is there a reason that this is bound to fail?
These 5.6 patches were the most recent I could find. Are there any fips
patches
2018 Oct 02
2
Is samba FIPS compliant ? Can it be build with openssl ?
Thanks for the quick reply Jeremy.
We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is there a link option to specify this kind of library ?
~ Mike
-----Original Message-----
From: Jeremy Allison <jra at samba.org>
Sent: Tuesday, October 2, 2018 2:08 PM
To: Tompkins, Michael <Michael.Tompkins at xerox.com>
Cc:
2016 Jul 20
1
Tinc and FIPS mode fails to connect.
Hello,
I am using the latest Tinc 1.1 from git (tinc version 1.1pre14-17-g2784a17
(built Jul 14 2016 14:18:09, protocol 17.7) on a CentOS 7.2 64bit with both
test servers set in FIPS mode (cat /proc/sys/crypto/fips_enabled to verify
or add fips=1 to your grub2 command line ). We need our test servers
running in FIPS mode due to a minimum requirement for our project. OpenSSL
in CentOS/RHEL has
2006 Jun 16
0
[Bug 1197] Enhancement request to enable fips compatibility mode in OpenSSH
http://bugzilla.mindrot.org/show_bug.cgi?id=1197
Summary: Enhancement request to enable fips compatibility mode in
OpenSSH
Product: Portable OpenSSH
Version: 4.3p2
Platform: All
URL: http://csrc.nist.gov/cryptval/140-1/140sp/140sp642.pdf
http://www.openssl.org/docs/fips/UserGuide-1.0.pdf
2015 Oct 23
1
OpenSSL and OpenSSH on CentOS (FIPS enabled)
Hi experts,
Currently I am doing FIPS gap analysis for our product, can someone help to have a look at my questions?
Our product is server running under CentOS 6.x, and according to the upstream (RedHat) document, CentOS can be configured to FIPS mode:
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
On Tue, 18 Apr 2023, Norbert Pocs wrote:
> Hi OpenSSH mailing list,
>
> I would like to announce the newly introduced patch in Fedora rawhide [0]
> for FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
> version.
>
> The patch targets OpenSSL support of OpenSSH, specifically the usage of
> old low level API. The new
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
Dear Damien,
On Wed, Apr 19, 2023 at 7:13 AM Damien Miller <djm at mindrot.org> wrote:
>
> On Tue, 18 Apr 2023, Norbert Pocs wrote:
>
> > Hi OpenSSH mailing list,
> >
> > I would like to announce the newly introduced patch in Fedora rawhide [0]
> > for FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
2023 Mar 10
2
OpenSSH FIPS support
On Fri, Mar 10, 2023 at 10:27 AM Joel GUITTET
<jguittet.opensource at witekio.com> wrote:
> We currently work on a project that requires SSH server with FIPS and
> using OpenSSL v3.
Gently: this is meaningless. You probably mean one of the following:
1. The SSH server implementation is required to use only cryptographic
algorithms that are FIPS-approved.
2. The SSH server
2012 Feb 24
2
[Bug 1987] New: FIPS signature verification incompatibility with openssl versions > 0.9.8q
https://bugzilla.mindrot.org/show_bug.cgi?id=1987
Bug #: 1987
Summary: FIPS signature verification incompatibility with
openssl versions > 0.9.8q
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2008 Nov 26
0
[RFE] Request support for FIPS mode support
Greetings,
As those working in the government sector (US and Canada) already know,
compliance with FIPS 140-2 is a significant issue. While there are a few
patches out there that add support for FIPS mode to OpenSSH, it is not
currently in the mainstream.
With the recent validation of the 1.2 version of the OpenSSL FIPS
cryptographic object module, is there any chance that support could be
added
2005 Feb 18
0
OpenSSH and OpenSSL 0.9.7.e with FIPS
Michael Selvesteen wrote:
>I use OpenSSH 3.9 on HP-UX 11vi. I compiled OpenSSL 0.9.7e by enabling
>FIPS. I found in the FIPS document that OpenSSL now contains the
>FIPS 140 specific cryptographic API and algorithm implementations
>only; i.e. the API for low level algorithms (RSA, AES, 3DES, DSA,
>SHA-1). Does it have any functional impacts on SSH.
>
>Will all the
2013 Oct 30
0
yum fails in FIPS mode
I guess my Google-fu wasn't up to this one!
I have a system running CentOS 5.9 32-bit running in FIPS mode that I
would like to update. Unfortunately, it fails when attempting to run
"yum update". I've disabled all the repositories except for base and
updates and still get the same issue, an error carping about an
algorithm forbidden by FIPS. Here's what I see:
>
2023 Apr 18
1
FIPS compliance efforts in Fedora and RHEL
On 4/18/23 05:05, Norbert Pocs wrote:
> Hi OpenSSH mailing list,
>
> I would like to announce the newly introduced patch in Fedora rawhide [0]
> for FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
> version.
Why does Fedora care about FIPS 140? To me, this seems like it
should be specific to RHEL and maybe CentOS Stream, not Fedora.
My understanding
2012 Feb 23
1
FIPS fix for signature verification in ssh-rsa.c
code version referenced: openssh-5.9p1
Hi all,
When building openssh with openssl (specifically versions newer than openssl 0.9.8q), there is an issue if FIPS mode is active for openssl. In ssh-rsa.c on line 243 RSA_public_decrypt is called, which is disallowed now in openssl (if in FIPS mode). The library requires applications to use the EVP API if running in FIPS mode so it can disallow