Call for testing: OpenSSH-5.7

Steve Marquess marquess at opensslfoundation.com
Tue Jan 18 00:47:07 EST 2011


Damien Miller wrote:
> On Sat, 15 Jan 2011, Jan Chadima wrote:
>
>> The build in FIPS-enabled RHEL6 still does not work.
>
> We don't (yet) support building against FIPS-enabled OpenSSL.

Out of curiosity, what is needed to make that happen?

That's a semi-rhetorical question; a well-crafted patch would surely go
a long way.  I've had that on my rainy day to-do list for a long time.
I have been building FIPS enabled versions of OpenSSH for my DoD clients
for some time, and I know others have done the same.  My feeble excuses
for not doing a better job of sharing with the community vary over time;
at the moment I'm more than fully committed with a day job and a newly
launched OpenSSL FIPS Object Module validation.

Anyone interested in taking working code that FIPS enables OpenSSH and
transforming it into something suitable for direct inclusion?  The
result will be very much noticed in the U.S. DoD where OpenSSH is widely
used in violation of the FIPS 140-2 validation mandate.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877-673-6775
marquess at opensslfoundation.com



More information about the openssh-unix-dev mailing list