Latest available openssl FIPS module is 2.0.16 which is compatible with openssl 1.0.2 But libssh 0.9.4 require openssl 1.1.1
I don't think openssl 1.1.1g could be compiled with openssl-fips-2.0.16 (at least I was not able to do that) What am I missing here, to compile libssh with FIPS support in windows? -- Jijo On Mon, May 11, 2020 at 1:07 PM Jakub Jelen <jje...@redhat.com> wrote: > On Fri, 2020-05-08 at 16:33 +0530, jijo thomas wrote: > > Hi, > > > > 1) Is the libssh 0.9.4 FIPS compliance valid if I use libssh + > > openssl? > > FIPS is more complicated than saying that particular version is or is > not FIPS compliant. Libssh 0.9.4 has all the bits to be FIPS compliant > if it is built and used against openssl FIPS module with openssh KDF > [1] (for example as part of RHEL8). In these conditions, libssh does > not do any restricted cryptographic operations. > > [1] https://github.com/openssl/openssl/pull/7290 > > Regards, > -- > Jakub Jelen > Senior Software Engineer > Security Technologies > Red Hat, Inc. > > >
