Displaying 20 results from an estimated 10000 matches similar to: "Is samba FIPS compliant ? Can it be build with openssl ?"
2018 Oct 02
2
Is samba FIPS compliant ? Can it be build with openssl ?
Thanks for the quick reply Jeremy.
We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is there a link option to specify this kind of library ?
~ Mike
-----Original Message-----
From: Jeremy Allison <jra at samba.org>
Sent: Tuesday, October 2, 2018 2:08 PM
To: Tompkins, Michael <Michael.Tompkins at xerox.com>
Cc:
2014 Nov 19
1
Is samba FIPS compliant ?
Is samba FIPS compliant ? If so, does it need to use SMB2/SMB3 to be FIPS compliant ? We do not use the Heimdal Kerberos libraries that can be compiled with the samba release. We are use samba 4.0.7.
Regards,
- Mike
?
2007 Mar 01
2
OpenSSH use of OpenSSL in FIPS Mode
Now that OpenSSL has received FIPS 140-2 certification, does anyone know
if the work started a couple of years ago to allow OpenSSH to use
OpenSSL in FIPS mode will be reactivated?
Bill
2015 Dec 04
6
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Hi All:
I tried to rebuild openssl with the FIPS modules, and then install the new
openssl libs (lib crypto.so to be specific) on my Ubuntu 12.04 box.
After that I noticed it seemed to break OpenSSH: I couldn't login to the
box using ssh, and couldn't run the client command like ssh-keygen either.
My questions are:
1. Does OpenSSH support FIPS mode?
2. Or does OpenSSH support with
2015 Oct 23
1
OpenSSL and OpenSSH on CentOS (FIPS enabled)
Hi experts,
Current I am doing FIPS gap analysis for our product, can someone help to have a look my questions?
Our product is server running under CentOS 6.x, and according to the upstream (RedHat) document, CentOS can be configured to FIPS mode:
2015 Dec 04
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Jakub.
How does this patch match the OpenSSH source version? Does the patch only
applicable to OpenSSH version 6.6.1, or does other version available as
well?
Thanks.
On Fri, Dec 4, 2015 at 4:26 AM, Jakub Jelen <jjelen at redhat.com> wrote:
>
> On 12/04/2015 03:26 AM, security veteran wrote:
>
>> 3. Is there a way to re-compile OpenSSH by turning on/off some flags
2006 Apr 15
2
OpenSSH fips compliance
Hello All,
Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now
that a fips certified OpenSSL is now available at
http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of
any patches applicable for OpenSSH versions to make it fips compliant. Is
there any idea for OpenSSH core team to make OpenSSH as fips compliant? What
amount of work it needs at this
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
On 12/04/2015 10:02 PM, security veteran wrote:
> Hi Jakub,
>
> Another question I have is, are there any changes in this patch RedHat
> Linux distribution specific? The reason I ask is, if I port the changes to
> other Linux distribution like Debian or Ubuntu, do you see any issues?
I don't think there is something distro-specific. Distro specific parts
are handled in other
2002 Sep 27
2
FIPS 140-2 certification
Hello everyone!
I work for a company that uses OpenSSH to remotely support systems we've
sold. Since some of our clients are US Dept. of Defense hospitals, our
access to these servers needs to comply with a whole range of
requirements and standards. At this point it's looking like the SSH
daemon needs to be FIPS 140-2 compliant, and the only package that is
certified is F-Secure.
2010 Jul 23
1
Compiling OpenSSH with OpenSSL-fips 0.9.8o on Windows
My office is currently using WRQ Reflections as it was FIPS compliant.
But this option is an expense that we'd like to get rid of if
possible. Putty is not an option for us since it uses it's own
OpenSSL libs and we need it FIPS enabled. I've been able to build
OpenSSL 0.9.8o and enable the fipcanister.lib and create the openssl
executables and libraries. I've been able to find
2023 Apr 18
3
FIPS compliance efforts in Fedora and RHEL
Hi OpenSSH mailing list,
I would like to announce the newly introduced patch in Fedora rawhide [0]
for
FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
version.
The patch targets OpenSSL support of OpenSSH, specifically the usage of
old low level API. The new OpenSSL version 3.0 introduces a FIPS
module (going through FIPS 140-2 validation and to be FIPS 140-3
2023 Apr 19
1
FIPS compliance efforts in Fedora and RHEL
On Tue, 18 Apr 2023, Norbert Pocs wrote:
> Hi OpenSSH mailing list,
>
> I would like to announce the newly introduced patch in Fedora rawhide [0]
> for
>
> FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9
>
> version.
>
> The patch targets OpenSSL support of OpenSSH, specifically the usage of
>
> old low level API. The new
2012 Feb 24
2
[Bug 1987] New: FIPS signature verification incompatibility with openssl versions > 0.9.8q
https://bugzilla.mindrot.org/show_bug.cgi?id=1987
Bug #: 1987
Summary: FIPS signature verification incompatibility with
openssl versions > 0.9.8q
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2011 Jun 28
3
FIPS 140-2 compliance
I''ve just posted a feature request
<http://projects.puppetlabs.com/issues/8120> relating to FIPS 140-2
compliance. I''m pointing to it here on the mailing list because I listed
there five places where Puppet (nay, Ruby!) crashed while I was testing
a deployment using FIPS mode on all hosts. It crashed because it tried
to use MD5, and OpenSSL in FIPS mode doesn''t let
2012 Feb 23
1
FIPS fix for signature verification in ssh-rsa.c
code version referenced: openssh-5.9p1
Hi all,
When building openssh with openssl (specifically versions newer than openssl 0.9.8q), there is an issue if FIPS mode is active for openssl. In ssh-rsa.c on line 243 RSA_public_decrypt is called, which is disallowed now in openssl (if in FIPS mode). The library requires appliactions to use the EVP API if running in FIPS mode so it can disallow
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
>Lets assume that application use OpenSSL FIPS validated module. FIPS mode
is activated in openssl command if environment variable OPENSSL_FIPS is
set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS
mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode.
Did you mean the FIPS patched OpenSSH server and client (such as
ssh-keygen) always
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen.
I have few more questions below:
1. What version of OpenSSH can the patch be applied to? What branch should
I check out the patch?
2.
>Impact is not only for source code. Build process has to be updated as
well. Red Hat is based on "fipscheck".
What build process should be changed? What is fipscheck?
3. My understanding any application (such as OpenSSH) which need
2013 Sep 10
4
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
mackyle at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mackyle at gmail.com
--- Comment #2 from mackyle at gmail.com ---
RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data
2013 Sep 10
4
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
mackyle at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mackyle at gmail.com
--- Comment #2 from mackyle at gmail.com ---
RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data
2008 Jun 12
2
FIPS mode OpenSSH suggestion
Hi OpenSSH team,
I find a url http://www.gossamer-threads.com/lists/openssh/dev/42808?do=post_view_threaded#42808, which provides unofficial patch for FIPS Capable OpenSSH. I try it and it seems working for some cases.
(BTW, I also find that aes128-ctr, aes192-ctr and aes256-ctr ciphers can't work in FIPS mode properly.
The fips mode sshd debug info is as following.