Inter-op and port (wolfSSL + openSSH)

Damien Miller djm at
Fri Sep 4 13:12:36 AEST 2015

On Tue, 1 Sep 2015, Kaleb Himes wrote:

> Hi openSSH,
> After having time to review our licensing model and perhaps play around
> with our product we were checking back to see what your thoughts might be.
> We also wanted to point out that we only desire to give end-users an
> alternative option to compiling with openSSL.
> End users who configure with the "--enable-wolfssl" option would need to
> consider licensing.
> That would be a part of their project evaluation phase. Any patch we submit
> to you would retain your licensing model.


I'm not opposed to making OpenSSH play nicer with non-OpenSSL crypto
libraries, but I am worried that attempts to do so could yield a worse
#ifdef maze than we already have.

Microsoft will need to figure out how to handle crypto in their port
of OpenSSH since they'll likely be using CryptoAPI instead of OpenSSL,
so perhaps there is an opportunity to find some nice way of abstracting
out all the BIGNUM, RSA, DSA, EC*, etc out that suits you both (and
cleans up core OpenSSH along the way).


More information about the openssh-unix-dev mailing list