Status of OpenSSL 1.1 support

Roumen Petrov openssh at roumenpetrov.info
Sun Oct 15 19:52:32 AEDT 2017


Hello Sebastian,

Sebastian Andrzej Siewior wrote:
> Hi,
>
> more or less a year ago Kurt Roeckx provided an initial port towards the
> OpenSSL 1.1 API [0]. [SNIP]

You could use PKIX-SSH - http://roumenpetrov.info/secsh/ .

The recent version 11.0 offers "forward" compatibility with OpenSSL, i.e. it
supports the "STORE" API that will be in 1.1.1.
PKIX-SSH offers compatibility even with alpha versions of the OpenSSL 1.1
API - for instance, PKIX-SSH 8.7 works with 1.1.0-pre1 and 1.1.0-pre2
(http://roumenpetrov.info.example.net/secsh/index-20160310.html#news20160116).
Ancient versions of the OpenSSL cryptographic library are supported as well.
PKIX-SSH works fine with specific library builds such as FIPS-enabled or
Kerberos-enabled ones.

Also, you could build PKIX-SSH with OpenSSL-compatible libraries, but be
careful with X.509 algorithms, as some OpenSSL CVE defects may not be
fixed yet in the compatible libraries.

You could find prebuilt binaries for Android devices packaged into
SecureBox.

> Sebastian

Regards,
Roumen Petrov


-- 
Secure shell with X.509 certificate support
http://roumenpetrov.info/secsh/


