Phil, You are quite correct; my question was worded wrong. I was hoping that someone may have been able to get it to work somehow with the z/OS SFTP server when it was operating in FIPSMODE. I know the FileZilla author has no interest in getting it certified due to the costs you mentioned.
​Thanks, Mark Regan, K8MTR General, EN80tg CTO1 USNR-Retired (1969-1991), RUENAAA/CNO WASHINGTON DC//OP-009QCP Nationwide Insurance, Retired, 1986-2017 z/OS Network Systems Programmer (z NetView, z/OS Communications Server) Email: [email protected] LinkedIn: https://www.linkedin.com/in/mark-t-regan -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Phil Smith III Sent: Wednesday, July 26, 2023 19:47 To: [email protected] Subject: Re: Does FileZilla Support FIPS 140-2? to IBM's SFTP Server (OpenSSH)? Mark Regan wrote: >Does FileZilla support a FIPS 140-2 connection to IBM's SFTP Server (OpenSSH)? I don't think that quite makes sense, Mark. There is no "FIPS connection". A given cryptographic module is or is not FIPS certified. So a more meaningful question might be, "Does FileZilla have FIPS 140-2 (now 140-3, btw) certification, and if so, at what level?" The same would apply to IBM SFTP. Note that FIPS certification is quite weird, in that it can apply to specific pieces of a solution, like "the code that does the actual crypto", but not necessarily to the whole solution. Also note that most companies don't run anything in FIPS mode, because it typically results in a crippled product, where you can't do the things you actually need to do. An example might be that if FileZilla has FIPS certification, that doesn't mean anything if the other end of the connection is not also FIPS certified. FIPS certification typically costs well over $100K, so I'd be surprised if FileZilla had it. OpenSSL has FIPS versions, but barely, and only because it's so widely used, I expect. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
