OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Jakub Jelen
jjelen at redhat.com
Fri Dec 4 23:26:36 AEDT 2015
On 12/04/2015 03:26 AM, security veteran wrote:
> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to
> make it FIPS compliant?
>
> 4. Are the RedHat OpenSSH FIPS modules (
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf)
> also open sourced to the OpenSSH community?
Yes, what we ship in RHEL is open-source. You can pick up the sources that
are actually used in the RHEL version in the CentOS repository:
https://git.centos.org/summary/?r=rpms/openssh
So, as said before, upstream openssh is not FIPS-140 ready and we carry
the patches downstream. I am not sure if there was an initiative to provide
patches upstream or if there would be some interest in them here, since
it is quite a special use case.
--
Jakub Jelen
Security Technologies
Red Hat