OpenSSH FIPS support
James Ralston
ralston at pobox.com
Sat Mar 11 08:47:08 AEDT 2023
A third possibility: if what you meant was:
3. We have a project where we are running sshd on a server that
uses OpenSSL 3.0 but we are required to run the server in
FIPS-enforcing mode and use only FIPS-validated algorithms.
…then the answer might be “that’s not possible at this time.”
Not many OS vendors are shipping OpenSSL 3.0 yet. Red Hat Enterprise
Linux 9 uses OpenSSL 3.0, and Red Hat has submitted the RHEL9
cryptographic modules to the CMVP for validation, but they have not
yet been granted a certificate:
https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=red+hat&CertificateStatus=Active&ValidationYear=0
Note that in theory it should be easier to perform CMVP validation of
OpenSSL 3.0, because only the fips.so provider needs to be submitted
for validation:
https://www.redhat.com/en/blog/experience-bringing-openssl-30-rhel-and-fedora
But apparently it is more onerous to achieve validation under the
FIPS-140-3 program than the (discontinued) FIPS-140-2 program.
I do not know if any other Linux/Unix distributions both 1) are
shipping OpenSSL 3.0, and 2) have achieved CMVP validation for it.
More information about the openssh-unix-dev
mailing list