OpenSSH FIPS support
dbelyavs at redhat.com
Sun Mar 12 21:27:58 AEDT 2023
On Sun, Mar 12, 2023 at 2:48 AM Damien Miller <djm at mindrot.org> wrote:
> On Fri, 10 Mar 2023, Joel GUITTET wrote:
> > Hi,
> > We currently work on a project that require SSH server with FIPS and using OpenSSL v3.
> > Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side?
> Patching OpenSSH for what exactly? OpenSSH builds just fine using OpenSSL 3.x
> and indeed it is tested constantly via our github test infrasructure (e.g.
If OpenSSH doesn't rely on OpenSSL deprecated functions in crypto
operations, it will be fips-compatible
when used with properly configured OpenSSL. We in Red Hat are working
on the minimal patch to provide it.
Also it's necessary to use combined methods for Digest + Signature/Verification.
More information about the openssh-unix-dev