Without OpenSSL?
Iain Morgan
imorgan at nas.nasa.gov
Fri Mar 7 07:00:23 EST 2014
On Thu, Mar 06, 2014 at 19:39:33 +0000, Scott Neugroschl wrote:
> Quoth Iain:
> >I'm not sure if the work being done to allow OpenSSH to be built without OpenSSL includes SHA-1 support.
>
> Hi Iain. I haven't heard of this effort before. Can you give a few more details?
>
> Thanks,
>
> ScottN
>
Well, I'm not in a position to give any authoritative information, but
here is what I know: With the addition of curve25519, ed25519, and
chacha20+poly1305, the developers have commented about the possibility
of building an RFC non-compliant OpenSSH without OpenSSL.
If you search through the mailing list archive, I believe you chould see
some references to this. There are also commtnes in the CVS commits
regarding this. And, I believe Damien mentioned about this in his
interview on bsdnow.tv.
In one of the CVS commits, I noticed that there is support for falling
back on libc for digest support when building without OpenSSL, but I
don't recall if this is both MD5 and SHA1 or not.
--
Iain Morgan
More information about the openssh-unix-dev
mailing list