[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: libssh FIPS support
[Thread Prev] | [Thread Next]
- Subject: Re: libssh FIPS support
- From: jijo thomas <jijo7thomas@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Wed, 13 May 2020 19:19:41 +0530
- To: libssh@xxxxxxxxxx
I'm confused now. Following is from libssh release note. "When libssh is built against a recent version of OpenSSL we will use the new APIs for KEX, DH, KDF and signatures. This is especially required for FIPS compatibility" So the above cannot be achieved with any released versions of openssl-fips? -- Jijo On Tue, May 12, 2020 at 7:56 PM Anderson Sasaki <ansasaki@xxxxxxxxxx> wrote: > > > ----- Original Message ----- > > From: "jijo thomas" <jijo7thomas@xxxxxxxxx> > > To: libssh@xxxxxxxxxx > > Sent: Tuesday, May 12, 2020 3:44:58 PM > > Subject: Re: libssh FIPS support > > > > Latest available openssl FIPS module is 2.0.16 which is compatible with > > openssl 1.0.2 > > But libssh 0.9.4 require openssl 1.1.1 > > > > I don't think openssl 1.1.1g could be compiled with openssl-fips-2.0.16 > (at > > least I was not able to do that) > > > > What am I missing here, to compile libssh with FIPS support in windows? > > A FIPS certified module is not something you can compile in your machine. > The module (which is in this case a binary) needs to be tested by an > accredited laboratory and approved by NIST, which is an expensive and > usually long process. > What you are missing is the OpenSSL 1.1.1 certified module for windows, > which probably doesn't exist (I'm not aware of any). > > >
| Re: libssh FIPS support | Jakub Jelen <jjelen@xxxxxxxxxx> |
| libssh FIPS support | jijo thomas <jijo7thomas@xxxxxxxxx> |
| Re: libssh FIPS support | Jakub Jelen <jjelen@xxxxxxxxxx> |
| Re: libssh FIPS support | jijo thomas <jijo7thomas@xxxxxxxxx> |
| Re: libssh FIPS support | Anderson Sasaki <ansasaki@xxxxxxxxxx> |