Hi Folks,

With Bill Colvin's help and reading past posts I was able to compile the
FIPS module and OpenSSL 0.9.7m and install it successfully on Solaris
10. Thank you. Now I just need confirmation on the following thoughts
concerning SSH and using FIPS mode.

The default SSH on Solaris 10 is spread around the filesystem. Thus it
doesn't know about OpenSSL being in /usr/local/ssl. So I need to either
compile OpenSSH or install the precompiled binary from Sunfreeware. In
either case, the default install directory is /usr/local and assumes
OpenSSL is in /usr/local/ssl. 

Now is where I need confirmation: I assume OpenSSH doesn't know about
FIPS because there are no configure options to include if I compile it,
thus the precompiled binary is affected the same way (no FIPS configure
options when it was created). So if a remote client wants to use SFTP or
SCP in FIPS mode to this server, then the client software is responsible
for enabling the FIPS mode, correct? 

If so, then I cannot do anything else on my server and it's up to the
client to have the proper software.

This all sounds clear in my head and I hope I was able to get the gist
of it expressed ok.

Any and all comments are welcome.

Thanks,

Ron 
