Hi Steve,

On Sun, Jan 11, 2009 at 10:14 AM, Steve Marquess <marqu...@oss-institute.org> wrote:
> Here you are presumably using a "FIPS compatible" standard OpenSSL
> distribution, i.e. 0.9.8j.

yes,

    openssl version
    OpenSSL 0.9.8j-fips 07 Jan 2009

> The "fips" option means "find and reference the ...
...

Clear & thorough. Thanks.

> The OpenSSL FIPS Object Module *itself* doesn't have the concept of
> "enabling" algorithms ...

> When FIPS mode is enabled
> at runtime that FIPS compatible distribution will automatically disable the
> use of non-allowed algorithms.

Ok. So, e.g. (reading the UserGuide now ...), to ensure that all ssh <-> ssh comms between boxes were limited correctly to fips-only algo usages, in "openssl.cnf", I'd specifically add:

    # Openssh section
    openssh_conf = openssh_options
    ...
    [ openssh_options ]
    alg_section = algs
    ...
    [ algs ]
    fips_mode = yes

yes?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org