Hello All, I have a requirement to make Openssh FIPS compliant. It would be really helpful, if you could answer the below question and correct me if I am wrong.
I also understand there is a module called as fipscanister.o is introduced in Openssl. This ensures, FIPS compliancy. This also, exposes the API FIPS_mode and FIPS_set_mode. We have already integrated openssl with fipscanister.o. Is there any way by which, Openssh can make use of fipscanister module directly? I understand, Openssh needs to call FIPS_mode, FIPS_set_mode to ensure it operates in FIPS mode. I understand, few of the ciphers, MACs, kex algorithms are fips compliant and few others are not. Hence, openssh code has to be modified to allow only those which are fips compliant. Are there any more stuff which needs to be done? -- View this message in context: http://openssl.6102.n7.nabble.com/Making-Open-SSH-FIPS-compliant-tp52064.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
