OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?

security veteran security.veteran at gmail.com
Sat Dec 5 07:58:18 AEDT 2015


Thanks Jakub.

How does this patch match the OpenSSH source version? Does the patch only
applicable to OpenSSH version 6.6.1, or does other version available as
well?

Thanks.


On Fri, Dec 4, 2015 at 4:26 AM, Jakub Jelen <jjelen at redhat.com> wrote:

>
> On 12/04/2015 03:26 AM, security veteran wrote:
>
>> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to
>> make it FIPS complaint?
>>
>> 4. Does the RedHat OpenSSH FIPS modules (
>> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf)
>> also open sourced to the OpenSSH community?
>>
> Yes, what we ship in RHEL is open-source. You can pick up sources that are
> actually used in RHEL version in CentOS repository:
> https://git.centos.org/summary/?r=rpms/openssh
>
> So as said before, upstream openssh is not FIPS-140 ready and we carry the
> patches downstream. I am not sure if there was initiative to provide
> patches upstream or if there would be some interest in them here, since it
> is quite special use case.
>
> --
> Jakub Jelen
> Security Technologies
> Red Hat
>
>


More information about the openssh-unix-dev mailing list