Without OpenSSL?

Iain Morgan imorgan at nas.nasa.gov
Fri Mar 7 07:00:23 EST 2014


On Thu, Mar 06, 2014 at 19:39:33 +0000, Scott Neugroschl wrote:
> Quoth Iain:
> >I'm not sure if the work being done to allow OpenSSH to be built without OpenSSL includes SHA-1 support.
> 
> Hi Iain.  I haven't heard of this effort before.  Can you give a few more details?
> 
> Thanks,
> 
> ScottN
> 

Well, I'm not in a position to give any authoritative information, but
here is what I know: With the addition of curve25519, ed25519, and
chacha20+poly1305, the developers have commented about the possibility
of building an RFC non-compliant OpenSSH without OpenSSL.

If you search through the mailing list archive, I believe you chould see
some references to this. There are also commtnes in the CVS commits
regarding this. And, I believe Damien mentioned about this in his
interview on bsdnow.tv.

In one of the CVS commits, I noticed that there is support for falling
back on libc for digest support when building without OpenSSL, but I
don't recall if this is both MD5 and SHA1 or not.

-- 
Iain Morgan


More information about the openssh-unix-dev mailing list