Status of OpenSSL 1.1 support
Roumen Petrov
openssh at roumenpetrov.info
Sun Oct 15 19:52:32 AEDT 2017
Hello Sebastian,
Sebastian Andrzej Siewior wrote:
> Hi,
>
> more or less a year ago Kurt Roeckx provided an initial port towards the
> OpenSSL 1.1 API [0]. [SNIP]
You could use PKIX-SSH - http://roumenpetrov.info/secsh/ .
Recent version 11.0, offers "forward" compatibility with OpenSSL, i.e.
supports "STORE"-API that will be in 1.1.1.
PKIX-SSH offers compatibility even with alpha versions of OpenSSL 1.1
API - for instance PKIX-SSH 8.7 works with 1.1.0-pre1 and 1.1.0-pre2 (
http://roumenpetrov.info.example.net/secsh/index-20160310.html#news20160116
) .
Ancient versions of OpenSSL cryptographic library are supported as well.
PKIX-SSH works fine with specific library builds like FIPS enabled or
Kerberos enabled.
Also you could build PKIX-SSH with openssl compatible libraries but be
careful with X.509 algorithms - as some OpenSSL CVE defects may be are
not fixed yet into compatible libraries.
You could find prebuild binaries for Android devices packaged into
SecureBox .
> Sebastian
Regards,
Roumen Petrov
--
Secure shell with X.509 certificate support
http://roumenpetrov.info/secsh/
More information about the openssh-unix-dev
mailing list