RE: OpenSSH and OpenSSL 0.9.7.e with FIPS - openssh


Thread: RE: OpenSSH and OpenSSL 0.9.7.e with FIPS

  1. RE: OpenSSH and OpenSSL 0.9.7.e with FIPS

    Michael Selvesteen wrote:

    >I use OpenSSH 3.9 on HP-UX 11vi. I compiled OpenSSL 0.9.7e by enabling
    >FIPS. I found in the FIPS document that OpenSSL now contains the
    >FIPS 140 specific cryptographic API and algorithm implementations
    >only; i.e. the API for low level algorithms (RSA, AES, 3DES, DSA,
    >SHA-1). Does it have any functional impacts on SSH?
    >
    >Will all the encryption algorithms used by SSH continue to work when
    >FIPS is enabled in OpenSSL?


    Check the openssh-unix-dev archives around the June 2004 timeframe for
    a patch and discussion on a FIPS mode OpenSSH.

    Note that the FIPS mode OpenSSL validation is *still* pending.

    -Steve M.

    Steve Marquess
    Veridical Systems, Inc.
    1829 Mount Ephraim Road
    Adamstown, MD 21710
    301-524-9915 cell (weekdays)
    301-831-8447 landline/fax
    marquess@veridicalsystems.com
    marquess@oss-institute.org

    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    http://www.mindrot.org/mailman/listi...enssh-unix-dev

  2. Re: OpenSSH and OpenSSL 0.9.7.e with FIPS

    One thing to mention here is that a FIPS 140-2 validated product stays
    FIPS 140-2 compliant ONLY if compiled by the original vendor of the
    product. In the case of OpenSSH, if OpenSSL is FIPS 140-2 validated, it
    will not be permitted to simply recompile OpenSSL when compiling
    OpenSSH. One will have to use the binary version of OpenSSL provided by
    the OpenSSL vendor/validation sponsor.

    Stan

    Stan Kladko
    BKP Security FIPS 140-2 Lab
    www.bkpsecurity.com




    Steve Marquess wrote:
    > Michael Selvesteen wrote:
    >
    > >I use OpenSSH 3.9 on HP-UX 11vi. I compiled OpenSSL 0.9.7e by enabling
    > >FIPS. I found in the FIPS document that OpenSSL now contains the
    > >FIPS 140 specific cryptographic API and algorithm implementations
    > >only; i.e. the API for low level algorithms (RSA, AES, 3DES, DSA,
    > >SHA-1). Does it have any functional impacts on SSH?
    > >
    > >Will all the encryption algorithms used by SSH continue to work when
    > >FIPS is enabled in OpenSSL?

    >
    > Check the openssh-unix-dev archives around the June 2004 timeframe for
    > a patch and discussion on a FIPS mode OpenSSH.
    >
    > Note that the FIPS mode OpenSSL validation is *still* pending.
    >
    > -Steve M.
    >
    > Steve Marquess
    > Veridical Systems, Inc.
    > 1829 Mount Ephraim Road
    > Adamstown, MD 21710
    > 301-524-9915 cell (weekdays)
    > 301-831-8447 landline/fax
    > marquess@veridicalsystems.com
    > marquess@oss-institute.org
    >
    > _______________________________________________
    > openssh-unix-dev mailing list
    > openssh-unix-dev@mindrot.org
    > http://www.mindrot.org/mailman/listi...enssh-unix-dev


