Re: Debian considers switching curl to use libssh instead of libssh2

Andreas Schneider via libssh2-devel Fri, 31 Dec 2021 04:16:32 -0800

On Friday, December 31, 2021 12:27:26 PM CET Daniel Stenberg wrote:
> > c) FIPS readiness
> 
> How is libssh more ready for FIPS than libssh2?


The easiest way is to pay a company which does FIPS certification to check the 
source code for you and produce a list of things which need to be addressed in 
order to be FIPS ready.

>From the checklist for FIPS just out my head:

* Use only crypto from a FIPS certified library (e.g. OpenSSL).
  libssh2 doesn't do that yet.
* Zero sensitive data before freeing it
* Test that it actually works in FIPS mode

Cheers


        Andreas

-- 
Andreas Schneider                 a...@cryptomilk.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D


-- 
libssh2-devel mailing list
libssh2-devel@lists.haxx.se
https://lists.haxx.se/listinfo/libssh2-devel

Re: Debian considers switching curl to use libssh instead of libssh2

Reply via email to