[RFE] Request support for FIPS mode support

Iain Morgan imorgan at nas.nasa.gov
Thu Nov 27 07:56:59 EST 2008


As those working in the government sector (US and Canada) already know,
compliance with FIPS 140-2 is a significant issue. While there are a few
patches out there that add support for FIPS mode to OpenSSH, it is not
currently in the mainstream.

With the recent validation of the 1.2 version of the OpenSSL FIPS
cryptographic object module, is there any chance that support could be
added in for the next OpenSSH release? That would simplify things
tremendously for those who have to deal with FIPS 140-2.

I should note that in some cases, the need for FIPS mode support has
forced some government organizations to look more closely at SSH.com's
product, which was FIPS validated a few years ago.

I know there have been ocassional inquiries regarding this issue and
there is even an open bug (bz#1197) regarding it, but I would like to
encourage the developers to add this support and I would also like to
encourage those on the mailing list who are also interested in this
issue to chime in.


Iain Morgan

More information about the openssh-unix-dev mailing list