Displaying 20 results from an estimated 10000 matches similar to: "FIPS compliant OpenSSH"
2010 Jul 29
0
building openssh with openssl-fips: cygwin can't find libcrypto
I am almost done here... I was able to symlink the headers to get past
the opensslv header files, but the build process fails because openssl
didn't build libcypto. The problem is that when building openssl with
fips, it doesn't not appear to build libcrypto, and changing anything
in the ./Configure makes in non-FIPs compliant.
Is there something I can do here to get a FIPs compliant
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
On Tue, 18 Apr 2023, Norbert Pocs wrote:
> Hi OpenSSH mailing list,
>
> I would like to announce the newly introduced patch in Fedora rawhide [0]
> for
>
> FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
>
> version.
>
> The patch targets OpenSSL support of OpenSSH, specifically the usage of
>
> old low level API. The new
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
Dear Damien,
On Wed, Apr 19, 2023 at 7:13?AM Damien Miller <djm at mindrot.org> wrote:
>
> On Tue, 18 Apr 2023, Norbert Pocs wrote:
>
> > Hi OpenSSH mailing list,
> >
> > I would like to announce the newly introduced patch in Fedora rawhide [0]
> > for
> >
> > FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
> >
2018 Oct 02
2
Is samba FIPS compliant ? Can it be build with openssl ?
Thanks for the quick reply Jeremy.
We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is there a link option to specify this kind of library ?
~ Mike
-----Original Message-----
From: Jeremy Allison <jra at samba.org>
Sent: Tuesday, October 2, 2018 2:08 PM
To: Tompkins, Michael <Michael.Tompkins at xerox.com>
Cc:
2018 Oct 02
2
Is samba FIPS compliant ? Can it be build with openssl ?
I'm checking back in to see if samba is FIPS compliant, as in using FIPS compliant algorithms ? Can it be built with openssl, which is FIPS compliant ? We're currently running 4.7.5. Please let me know.
Regards,
Mike
2014 Nov 19
1
Is samba FIPS compliant ?
Is samba FIPS compliant ? If so, does it need to use SMB2/SMB3 to be FIPS compliant ? We do not use the Heimdal Kerberos libraries that can be compiled with the samba release. We are use samba 4.0.7.
Regards,
- Mike
?
2023 Apr 18
3
FIPS compliance efforts in Fedora and RHEL
Hi OpenSSH mailing list,
I would like to announce the newly introduced patch in Fedora rawhide [0]
for
FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
version.
The patch targets OpenSSL support of OpenSSH, specifically the usage of
old low level API. The new OpenSSL version 3.0 introduces a FIPS
module (going through FIPS 140-2 validation and to be FIPS 140-3
2006 Apr 15
2
OpenSSH fips compliance
Hello All,
Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now
that a fips certified OpenSSL is now available at
http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of
any patches applicable for OpenSSH versions to make it fips compliant. Is
there any idea for OpenSSH core team to make OpenSSH as fips compliant? What
amount of work it needs at this
2008 Jun 19
0
Is there any plan for OpenSSH to support FIPS?
Hi OpenSSh Developer,
Currently, I can make openssh-5.0p1 working in FIPS mode. The detail steps I did are as follows.
1) Build FIPS OpenSSL according to FIPS User Guide(http://www.openssl.org/docs/fips/) on HP-UX PA 11.23 box.
FIPS object module is generated by compiling openssl-fips-1.1.2.
FIPS OpenSSL is built by openssl-0.9.7m, which is passed fips option for Configure step.
2) Modify
2015 Dec 04
6
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Hi All:
I tried to rebuild openssl with the FIPS modules, and then install the new
openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box.
After that I noticed it seemed to break OpenSSH: I couldn't login to the
box using ssh, and couldn't run the client command like ssh-keygen either.
My questions are:
1. Does OpenSSH support FIPS mode?
2. Or does OpenSSH support with
2008 Jun 12
2
FIPS mode OpenSSH suggestion
Hi OpenSSH team,
I find a url http://www.gossamer-threads.com/lists/openssh/dev/42808?do=post_view_threaded#42808, which provides unofficial patch for FIPS Capable OpenSSH. I try it and it seems working for some cases.
(BTW, I also find that aes128-ctr, aes192-ctr and aes256-ctr ciphers can't work in FIPS mode properly.
The fips mode sshd debug info is as following.
2010 Jul 23
1
Compiling OpenSSH with OpenSSL-fips 0.9.8o on Windows
My office is currently using WRQ Reflections as it was FIPS compliant.
But this option is an expense that we'd like to get rid of if
possible. Putty is not an option for us since it uses it's own
OpenSSL libs and we need it FIPS enabled. I've been able to build
OpenSSL 0.9.8o and enable the fipcanister.lib and create the openssl
executables and libraries. I've been able to find
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
>Lets assume that application use OpenSSL FIPS validated module. FIPS mode
is activated in openssl command if environment variable OPENSSL_FIPS is
set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS
mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode.
Did you mean the FIPS patched OpenSSH server and client (such as
ssh-keygen) always
2023 Mar 10
2
OpenSSH FIPS support
On Fri, Mar 10, 2023 at 10:27?AM Joel GUITTET
<jguittet.opensource at witekio.com> wrote:
> We currently work on a project that require SSH server with FIPS and
> using OpenSSL v3.
Gently: this is meaningless. You probably mean one of the following:
1. The SSH server implementation is required to use only cryptographic
algorithms that are FIPS-approved.
2. The SSH server
2012 Feb 23
1
FIPS fix for signature verification in ssh-rsa.c
code version referenced: openssh-5.9p1
Hi all,
When building openssh with openssl (specifically versions newer than openssl 0.9.8q), there is an issue if FIPS mode is active for openssl. In ssh-rsa.c on line 243 RSA_public_decrypt is called, which is disallowed now in openssl (if in FIPS mode). The library requires appliactions to use the EVP API if running in FIPS mode so it can disallow
2012 Feb 24
2
[Bug 1987] New: FIPS signature verification incompatibility with openssl versions > 0.9.8q
https://bugzilla.mindrot.org/show_bug.cgi?id=1987
Bug #: 1987
Summary: FIPS signature verification incompatibility with
openssl versions > 0.9.8q
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
On Wed, 19 Apr 2023, Dmitry Belyavskiy wrote:
> > While I'm sure this is good for RHEL/rawhide users who care about FIPS,
> > Portable OpenSSH won't be able to merge this. We explictly aim to support
> > LibreSSL's libcrypto as well as openssl-1.1.x and neither supports the
> > OSSL_PARAM_BLD API (neither does BoringSSL, though our support for that
> >
2023 Mar 10
1
OpenSSH FIPS support
Hi Joel,
Joel GUITTET wrote:
> Hi,
> We currently work on a project that require SSH server with FIPS and using OpenSSL v3.
There is no way to work with OpenSSL v3 due to many reasons.
If you like to get FIPS capable secsh implementation compatible with OpenSSL FIPS validated modules 1.2 and 2.0 , RedHat ES, or Oracle Solaris you could use PKIX-SSH.
Regards,
Roumen Petrov
--
Advanced
2013 Sep 10
4
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
mackyle at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mackyle at gmail.com
--- Comment #2 from mackyle at gmail.com ---
RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data
2013 Sep 10
4
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
mackyle at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mackyle at gmail.com
--- Comment #2 from mackyle at gmail.com ---
RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data