Inter-op and port (wolfSSL + openSSH)

Kaleb Himes kaleb at
Tue Oct 20 05:04:19 AEDT 2015

Hi Damien and openSSH,

We have discussed internally the resources and time required to
implementing a "crypto abstraction layer". Unfortunately at the current
time we do not have the engineering resources/man power to be able to
assign this task. We are happy to submit a pull request on our current
modifications and to support those changes going forward. Let us know your

Best Regards,

The wolfSSL Team.

Kaleb Himes

kaleb at

Skype: kaleb.himes

+1 406 381 9556

On Thu, Sep 3, 2015 at 9:12 PM, Damien Miller <djm at> wrote:

> On Tue, 1 Sep 2015, Kaleb Himes wrote:
> > Hi openSSH,
> >
> > After having time to review our licensing model and perhaps play around
> > with our product we were checking back to see what your thoughts might
> be.
> >
> > We also wanted to point out that we only desire to give end-users an
> > alternative option to compiling with openSSL.
> > End users who configure with the "--enable-wolfssl" option would need to
> > consider licensing.
> > That would be a part of their project evaluation phase. Any patch we
> submit
> > to you would retain your licensing model.
> Hi,
> I'm not opposed to making OpenSSH play nicer with non-OpenSSL crypto
> libraries, but I am worried that attempts to do so could yield a worse
> #ifdef maze than we already have.
> Microsoft will need to figure out how to handle crypto in their port
> of OpenSSH since they'll likely be using CryptoAPI instead of OpenSSL,
> so perhaps there is an opportunity to find some nice way of abstracting
> out all the BIGNUM, RSA, DSA, EC*, etc out that suits you both (and
> cleans up core OpenSSH along the way).
> -d

More information about the openssh-unix-dev mailing list