Status of OpenSSL 1.1 support

Roumen Petrov openssh at
Sun Oct 15 19:52:32 AEDT 2017

Hello Sebastian,

Sebastian Andrzej Siewior wrote:
> Hi,
> more or less a year ago Kurt Roeckx provided an initial port towards the
> OpenSSL 1.1 API [0]. [SNIP]

You could use PKIX-SSH.

The recent version 11.0 offers "forward" compatibility with OpenSSL, i.e. 
it supports the "STORE" API that will be in 1.1.1.
PKIX-SSH offers compatibility even with alpha versions of the OpenSSL 1.1 
API - for instance PKIX-SSH 8.7 works with 1.1.0-pre1 and 1.1.0-pre2.
Ancient versions of the OpenSSL cryptographic library are supported as well.
PKIX-SSH works fine with specific library builds like FIPS-enabled or 
Kerberos-enabled.

Also you could build PKIX-SSH with OpenSSL-compatible libraries, but be 
careful with X.509 algorithms - as some OpenSSL CVE defects may not be 
fixed yet in the compatible libraries.

You could find prebuilt binaries for Android devices packaged in 
SecureBox.

> Sebastian

Roumen Petrov

Secure shell with X.509 certificate support

More information about the openssh-unix-dev mailing list