Alternate Open Source Crypto Solution in OpenSSH

Bostjan Skufca bostjan at a2o.si
Tue Jan 5 12:35:05 AEDT 2016


(I did not look at the code yet, begging forgiveness:)

How well structured is OpenSSH if one would want to use alternative SSL
implementation? Or, if I rephrase the question - how married is OpenSSH to
OpenSSL?

Would it make sense to refactor (if it is not done yet) openssh to use
generic API for communicating with any SSL implementation? Or is the
general stance on this subject "the new SSL implementation should provide
openssl-compatible API to be usable with openssh"?

I have no interest in any side of the argument, just curious.

b.


On 4 January 2016 at 23:15, Damien Miller <djm at mindrot.org> wrote:

> On Mon, 4 Jan 2016, Peter Stuge wrote:
>
> > Hi Kaleb,
> >
> > Kaleb Himes wrote:
> > > OpenSSH port Location:
> https://github.com/kaleb-himes/openssh-portable.git
> >
> > I'm afraid this repository is too messy to be useful. :\
> >
> > You need to use the features offered by git to preserve commit ids if
> > anyone else besides yourself is going to be able to work with this,
> > in particular developers who otherwise work with the upstream repo.
> >
> > If you are interested in contributing your work to the project then
> > you have to rebase your changes on top of the current upstream code.
>
> There's another problem - I just noticed that WolfSSL is GPL. We have
> no interest in adding support for a GPL crypto library.
>
> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>


More information about the openssh-unix-dev mailing list