your mail

Humphreys, James jhumphre at
Sat Apr 8 02:34:12 EST 2006

> On Thu, 6 Apr 2006, Miller, Damien wrote:
> > 
> > Does OpenSSH 4.3 support the use of the TLS ciphersuites that are 
> > supported in OpenSSL?
> > If so, is this a compile time option or a run-time option?  
>  Or can sshd
> > support both the SSL and TLS ciphersuites at the same time?
> OpenSSH doesn't use SSL or TLS - the SSH protocol defines its 
> own transport protocol which is a little different. Have a 
> look at the "Ciphers" and "MACs" options in ssh_config(5) to 
> see what cryptographic methods are supported.
> -d

My initial question was a bit misleading.   I realize that SSH
and SSL have different ways of specifying what ciphers and MACs
are supported and different ways of negotiating the setup of
the transport layer.   SSH uses its Algorithm Negotiation packet
while SSL uses its Client and Server HELLO messages and its
CipherSuite definitions.  Comparing the fields in the SSH
Algorithm Negotiation message against the definition of a
CipherSuite (as used by SSL), you'll see that they specify the
same information components.

Now, my understanding, which may be flawed, is that SSH and SSL
use the same crypto library.   SSLv3 support both the SSL and
newer TLS CipherSuite which are required for FIPS-140 and DISA
certification.  This leads to my real question of whether SSH is
DISA / FIPS-140 compliant and, if so, how is that achieved.

Looking at the SSH Algorithm Negotiation message, it appears
that there isn't any field in the message that specifies how the
shared symmetric encryption key is generated.   Looking at
ssh_config(5), I can see where and how the supported ciphers are
specified.  But there is no place in the negotiation message
where the shared key generation mechanism is specified.   So if I
configure sshd to support, say 3des-cbc, how does the daemon know
which mechanism to use to generate the shared symmetric key for
the session.   And how do the SSH client and server communicate
which mechanism they can support so that the two endpoints know if
a connection setup is even possible?


More information about the openssh-unix-dev mailing list