On Sun, Jan 11, 2009 at 3:42 PM, Steve Marquess <marqu...@oss-institute.org> wrote:
> Long story short, OpenSSH really needs some source mods to gracefully invoke
> and run in FIPS mode.

Hrm ... I'd have thought that openssh would be among the 1st/best @ compliance.

> Several people, myself included, have created patches
> to that end.

Are those specific patches sourced in the openssl trees, the openssh trees, or somewhere else? I'll google, but if you have URLs ...

> Note I also specifically discuss OpenSSH in the User Guide.

Yes. Found that. Still, to my read, the "needs patches" bit was a surprise.

> Of course, if you don't plan to actually run in FIPS mode and just need
> buzzword compliance (often the case) then what you plan should work.

We've gotten a heads-up that a gov't client will require in the next (soon, tho hasn't occurred just yet ...) contract that SSH/VPN/IPSec/etc comms will be required. Of course, detailed spec, verification, etc is not yet available. $10 says it's for _their_ buzzword compliance ....

My goal is to get an all-ssh-in-fips-mode setup demo'd locally, then hand it off to our tech folks so that we can then respond & document when the demand occurs.

Thanks.