This is a discussion on RE: OpenSSH and OpenSSL 0.9.7.e with FIPS within the OpenSSH Development forums, part of the Networking and Network Related category.
Michael Selvesteen wrote:
>I use OpenSSH 3.9 on HP-UX 11vi. I compiled OpenSSL 0.9.7e by enabling
>FIPS. I found in the FIPS document that OpenSSL now contains the
>FIPS 140 specific cryptographic API and algorithm implementations
>only; i.e. the API for low level algorithms (RSA, AES, 3DES, DSA,
>SHA-1). Does it have any functional impacts on SSH?
>
>Will all the encryption algorithms used by SSH continue to work when
>FIPS is enabled in OpenSSL?

Check the openssh-unix-dev archives around the June 2004 timeframe for
a patch and discussion on a FIPS mode OpenSSH.

Note that the FIPS mode OpenSSL validation is *still* pending.

-Steve M.

Steve Marquess
Veridical Systems, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
301-524-9915 cell (weekdays)
301-831-8447 landline/fax
marquess@veridicalsystems.com
marquess@oss-institute.org

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev
One thing to mention here is that a FIPS 140-2 validated product stays
FIPS 140-2 compliant ONLY if compiled by the original vendor of the product.

In the case of OpenSSH, if OpenSSL is FIPS 140-2 validated, it will not be permitted to simply recompile OpenSSL when compiling OpenSSH. One will have to use the binary version of OpenSSL provided by the OpenSSL vendor/validation sponsor.

Stan

Stan Kladko
BKP Security FIPS 140-2 Lab
www.bkpsecurity.com

Steve Marquess wrote:
> Michael Selvesteen wrote:
>
> >I use OpenSSH 3.9 on HP-UX 11vi. I compiled OpenSSL 0.9.7e by enabling
> >FIPS. I found in the FIPS document that OpenSSL now contains the
> >FIPS 140 specific cryptographic API and algorithm implementations
> >only; i.e. the API for low level algorithms (RSA, AES, 3DES, DSA,
> >SHA-1). Does it have any functional impacts on SSH?
> >
> >Will all the encryption algorithms used by SSH continue to work when
> >FIPS is enabled in OpenSSL?
>
> Check the openssh-unix-dev archives around the June 2004 timeframe for
> a patch and discussion on a FIPS mode OpenSSH.
>
> Note that the FIPS mode OpenSSL validation is *still* pending.
>
> -Steve M.
>
> Steve Marquess
> Veridical Systems, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> 301-524-9915 cell (weekdays)
> 301-831-8447 landline/fax
> marquess@veridicalsystems.com
> marquess@oss-institute.org
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> http://www.mindrot.org/mailman/listi...enssh-unix-dev