<div dir="ltr">Thanks Steve.<div><br></div><div>Just out of my curiosity that I can image there might already be a lot of companies use the OpenSSL FIPS modules for the FIPS validation.</div><div>Since OpenSSH is almost everywhere in most of the server/ appliance products, people should have run into the "OpenSSH not working with OpenSSL FIPS mode" issue before. Do you know how do most people resolve problems like this? Do they mostly use the OpenSSH patch to build the FIPS compliant version of OpenSSH, or did people do something else to resolve the issue?</div><div><br></div><div>Thanks and appreciate your helps.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 18, 2015 at 4:49 AM, Steve Marquess <span dir="ltr"><<a href="mailto:marquess@openssl.com" target="_blank">marquess@openssl.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 09/16/2015 09:57 PM, Salz, Rich wrote:<br>
>> Is there any reliable patch for OpenSSH to support FIPS mode?<br>
><br>
> Try the openssh mailing lists?<br>
><br>
>>From what I've seen the OpenBSD folks actively dislike FIPS, so good luck.<br>
<br>
</span>You can find one out-of-date patch here:<br>
<br>
<a href="http://openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch" rel="noreferrer" target="_blank">http://openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch</a><br>
<br>
Note that is a non-trivial patch, as all the inlined cryptographic<br>
operations must be replaced with references to the validated module.<br>
<br>
Also note that you'll only want FIPS mode if you're deploying in a<br>
USG/DoD environment, in which case you'll also need x.509 support.<br>
<br>
Roumen Petrov has for years maintained a very nice (and also<br>
non-trivial) set of patches (<a href="http://roumenpetrov.info/openssh/" rel="noreferrer" target="_blank">http://roumenpetrov.info/openssh/</a>) that add<br>
x.509 functionality. So apply his patches first, then do the FIPS mode<br>
adaptation.<br>
<br>
It's my understanding that stock OpenSSH will not support either FIPS or<br>
x.509, ever, a deliberate choice that frankly makes perfect sense given<br>
their project objectives. They have chosen to implement a simpler,<br>
leaner, and tighter certificate scheme specific to OpenSSH, to avoid the<br>
huge attack surface of x.509. Likewise FIPS validated software is<br>
necessarily less secure than the unvalidated equivalent. You use it only<br>
because you must per policy mandates, not because it has any technical<br>
advantages.<br>
<br>
Ssh is the de facto 21st century telnet and is widely used in U.S. DoD<br>
either in violation of the policy requirements for FIPS 140-2 and x.509,<br>
or with various homegrown vendor hacks that probably introduce still<br>
more vulnerabilities. I've long felt there would be a market for a "U.S.<br>
government compliant" version of OpenSSH, but if that's ever done it<br>
won't be by the OpenSSH maintainers.<br>
<br>
-Steve M.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Steve Marquess<br>
OpenSSL Software Foundation, Inc.<br>
1829 Mount Ephraim Road<br>
Adamstown, MD 21710<br>
USA<br>
<a href="tel:%2B1%20877%20673%206775" value="+18776736775">+1 877 673 6775</a> s/b<br>
<a href="tel:%2B1%20301%20874%202571" value="+13018742571">+1 301 874 2571</a> direct<br>
<a href="mailto:marquess@opensslfoundation.com">marquess@opensslfoundation.com</a><br>
<a href="mailto:marquess@openssl.com">marquess@openssl.com</a><br>
gpg/pgp key: <a href="http://openssl.com/docs/0x6D1892F5.asc" rel="noreferrer" target="_blank">http://openssl.com/docs/0x6D1892F5.asc</a><br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</div></div></blockquote></div><br></div>