OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?

security veteran security.veteran at gmail.com
Sat Dec 5 08:02:17 AEDT 2015


Hi Jakub,

Another question I have is, are there any changes in this patch that are Red Hat
Linux distribution specific? The reason I ask is, if I port the changes to
other Linux distributions like Debian or Ubuntu, do you see any issues?

Thanks.

On Fri, Dec 4, 2015 at 12:58 PM, security veteran <
security.veteran at gmail.com> wrote:

> Thanks Jakub.
>
> How does this patch match the OpenSSH source version? Is the patch only
> applicable to OpenSSH version 6.6.1, or are other versions available as
> well?
>
> Thanks.
>
>
> On Fri, Dec 4, 2015 at 4:26 AM, Jakub Jelen <jjelen at redhat.com> wrote:
>
>>
>> On 12/04/2015 03:26 AM, security veteran wrote:
>>
>>> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to
>>> make it FIPS compliant?
>>>
>>> 4. Is the Red Hat OpenSSH FIPS module (
>>> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf
>>> )
>>> also open sourced to the OpenSSH community?
>>>
>> Yes, what we ship in RHEL is open-source. You can pick up the sources that
>> are actually used in the RHEL version from the CentOS repository:
>> https://git.centos.org/summary/?r=rpms/openssh
>>
>> So as said before, upstream openssh is not FIPS-140 ready and we carry
>> the patches downstream. I am not sure if there was an initiative to provide
>> the patches upstream or if there would be some interest in them here, since
>> it is quite a special use case.
>>
>> --
>> Jakub Jelen
>> Security Technologies
>> Red Hat
>>
>>
>