similar to: [Bug 1197] Enhancement request to enable fips compatibility mode in OpenSSH

https://bugzilla.mindrot.org/show_bug.cgi?id=1197 kpimm at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kpimm at yahoo.com --- Comment #7 from kpimm at yahoo.com --- I'm having likely the same problem as halsteaw. Can someone please

http://bugzilla.mindrot.org/show_bug.cgi?id=1197 Summary: Enhancement request to enable fips compatibility mode in OpenSSH Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://csrc.nist.gov/cryptval/140-1/140sp/140sp642.pdf http://www.openssl.org/docs/fips/UserGuide-1.0.pdf

https://bugzilla.mindrot.org/show_bug.cgi?id=1197 halsteaw at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |halsteaw at yahoo.com --- Comment #1 from halsteaw at yahoo.com 2010-01-22 03:35:09 EST --- Patches were provided in the mailing list

Greetings, As those working in the government sector (US and Canada) already know, compliance with FIPS 140-2 is a significant issue. While there are a few patches out there that add support for FIPS mode to OpenSSH, it is not currently in the mainstream. With the recent validation of the 1.2 version of the OpenSSL FIPS cryptographic object module, is there any chance that support could be added

Hi All: I tried to rebuild openssl with the FIPS modules, and then install the new openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box. After that I noticed it seemed to break OpenSSH: I couldn't login to the box using ssh, and couldn't run the client command like ssh-keygen either. My questions are: 1. Does OpenSSH support FIPS mode? 2. Or does OpenSSH support with

From: "Richard W.M. Jones" <rjones@redhat.com> --- src/launch-direct.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/launch-direct.c b/src/launch-direct.c index f06bb23..58e4b1a 100644 --- a/src/launch-direct.c +++ b/src/launch-direct.c @@ -328,6 +328,13 @@ launch_direct (guestfs_h *g, void *datav, const char *arg) ADD_CMDLINE (VIRTIO_BLK

https://bugzilla.mindrot.org/show_bug.cgi?id=1872 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Summary|proposal how to change |Support better hash

On Sat, Nov 26, 2016 at 1:16 AM, Alexander Wuerstlein <arw at cs.fau.de> wrote: [...] > Afaik its because DSA key size has (for very weird reasons admittedly: > FIPS 186-4) been limited to 1024 bits which is considered weak nowadays. Use of DSA within the SSH protocol requires the use of SHA1, which is 160 bits (80 bits against a birthday attack) and is reaching its use-by date. This

On Wed, Sep 26, 2018 at 04:24:23PM -0400, mark wrote: > Here's a question that I have3n't found the answer to yet: does anyone > know the effect of enabling FIPS mode for apache? Will it break existing > websites? Does code need changing? Configuration, other than enabling it? > > mark I don't know anything about when it is a good idea or not, however, I have been

Thanks Roumen. >Lets assume that application use OpenSSL FIPS validated module. FIPS mode is activated in openssl command if environment variable OPENSSL_FIPS is set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode. Did you mean the FIPS patched OpenSSH server and client (such as ssh-keygen) always

Thanks Roumen. I have few more questions below: 1. What version of OpenSSH can the patch be applied to? What branch should I check out the patch? 2. >Impact is not only for source code. Build process has to be updated as well. Red Hat is based on "fipscheck". What build process should be changed? What is fipscheck? 3. My understanding any application (such as OpenSSH) which need

Hi OpenSSh Developer, Currently, I can make openssh-5.0p1 working in FIPS mode. The detail steps I did are as follows. 1) Build FIPS OpenSSL according to FIPS User Guide(http://www.openssl.org/docs/fips/) on HP-UX PA 11.23 box. FIPS object module is generated by compiling openssl-fips-1.1.2. FIPS OpenSSL is built by openssl-0.9.7m, which is passed fips option for Configure step. 2) Modify

Hi, ssh server: OpenSSH_6.3-FIPS, OpenSSL FIPS Object Module v2.0.5 ssh client: OpenSSH_5.3p1, OpenSSL FIPS Object Module v1.2 We have built and installed FIPS object module (v2.0.5) using http://www.openssl.org/source/openssl-fips-2.0.5.tar.gz Using this FIPS object module, we have build FIPS capable openssl as well. Note that we have "not" used ecp version (with binary curve

Hi, I was trying to run sshd after applying the fips patches mentioned in http://www.gossamer-threads.com/lists/engine?do=post_attachment;postatt_id=1835;list=openssh but for some reason sshd refuses to accept the connection. I guess I do something terribly wrong. Is there a reason that this is bound to fail? These 5.6 patches were the most recent I could find. Are there any fips patches

Thanks for the quick reply Jeremy. We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is there a link option to specify this kind of library ? ~ Mike -----Original Message----- From: Jeremy Allison <jra at samba.org> Sent: Tuesday, October 2, 2018 2:08 PM To: Tompkins, Michael <Michael.Tompkins at xerox.com> Cc:

Hello, I am using the latest Tinc 1.1 from git (tinc version 1.1pre14-17-g2784a17 (built Jul 14 2016 14:18:09, protocol 17.7) on a CentOS 7.2 64bit with both test servers set it FIPS mode (cat /proc/sys/crypto/fips_enabled to verify or add fips=1 to your grub2 command line ). We need our test servers running in FIPS mode due to a minimum requirement for our project. OpenSSL in CentOS/RHEL has

Hi experts, Current I am doing FIPS gap analysis for our product, can someone help to have a look my questions? Our product is server running under CentOS 6.x, and according to the upstream (RedHat) document, CentOS can be configured to FIPS mode:

On Fri, Mar 10, 2023 at 10:27?AM Joel GUITTET <jguittet.opensource at witekio.com> wrote: > We currently work on a project that require SSH server with FIPS and > using OpenSSL v3. Gently: this is meaningless. You probably mean one of the following: 1. The SSH server implementation is required to use only cryptographic algorithms that are FIPS-approved. 2. The SSH server

On Tue, 18 Apr 2023, Norbert Pocs wrote: > Hi OpenSSH mailing list, > > I would like to announce the newly introduced patch in Fedora rawhide [0] > for > > FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9 > > version. > > The patch targets OpenSSL support of OpenSSH, specifically the usage of > > old low level API. The new

Here's a question that I have3n't found the answer to yet: does anyone know the effect of enabling FIPS mode for apache? Will it break existing websites? Does code need changing? Configuration, other than enabling it? mark