[openssl-users] Is there any patch for OpenSSH for it to work with OpenSSL FIPS?

security veteran security.veteran at gmail.com
Mon Sep 21 21:12:13 UTC 2015

Thanks Steve.

Just out of my curiosity that I can image there might already be a lot of
companies use the OpenSSL FIPS modules for the FIPS validation.
Since OpenSSH is almost everywhere in most of the server/ appliance
products, people should have run into the "OpenSSH not working with OpenSSL
FIPS mode" issue before. Do you know how do most people resolve problems
like this? Do they mostly use the OpenSSH patch to build the FIPS compliant
version of OpenSSH, or did people do something else to resolve the issue?

Thanks and appreciate your helps.

On Fri, Sep 18, 2015 at 4:49 AM, Steve Marquess <marquess at openssl.com>

> On 09/16/2015 09:57 PM, Salz, Rich wrote:
> >> Is there any reliable patch for OpenSSH to support FIPS mode?
> >
> > Try the openssh mailing lists?
> >
> >>From what I've seen the OpenBSD folks actively dislike FIPS, so good
> luck.
> You can find one out-of-date patch here:
>   http://openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch
> Note that is a non-trivial patch, as all the inlined cryptographic
> operations must be replaced with references to the validated module.
> Also note that you'll only want FIPS mode if you're deploying in a
> USG/DoD environment, in which case you'll also need x.509 support.
> Roumen Petrov has for years maintained a very nice (and also
> non-trivial) set of patches (http://roumenpetrov.info/openssh/) that add
> x.509 functionality. So apply his patches first, then do the FIPS mode
> adaptation.
> It's my understanding that stock OpenSSH will not support either FIPS or
> x.509, ever, a deliberate choice that frankly makes perfect sense given
> their project objectives. They have chosen to implement a simpler,
> leaner, and tighter certificate scheme specific to OpenSSH, to avoid the
> huge attack surface of x.509. Likewise FIPS validated software is
> necessarily less secure than the unvalidated equivalent. You use it only
> because you must per policy mandates, not because it has any technical
> advantages.
> Ssh is the de facto 21st century telnet and is widely used in U.S. DoD
> either in violation of the policy requirements for FIPS 140-2 and x.509,
> or with various homegrown vendor hacks that probably introduce still
> more vulnerabilities. I've long felt there would be a market for a "U.S.
> government compliant" version of OpenSSH, but if that's ever done it
> won't be by the OpenSSH maintainers.
> -Steve M.
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD  21710
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marquess at opensslfoundation.com
> marquess at openssl.com
> gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150921/49e99fbe/attachment.html>

More information about the openssl-users mailing list