[Bug 1987] FIPS signature verification incompatibility with openssl versions > 0.9.8q

bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 9 10:14:23 EST 2012


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #1 from Damien Miller <djm at mindrot.org> 2012-03-09 10:14:23 EST ---
OpenSSH doesn't (yet) have support for FIPS OpenSSL. We might one day,
but in the meantime you should address this to the developers of one of
the FIPS patchsets.

Unfortunately, this approach disables our custom RSA
signature-verification code that is designed to save a substantial
amount of pre-authentication attack surface from sshd. For this reason
it is not going to be accepted for regular OpenSSH.
