Secure Shell
Open SSH and FIPS 140-2 Nov 10 2010 04:32PM
Hrolenok, Paul (phrolenok intelligent net) (1 replies)
I have an application where I have to implement SFTP file transfers with FIPS 140-2 certified encryption.
I've been trying to find out if I can use Open SSH for this or if I have to buy a commercial solution.
Essentially I have two questions.

1) Can I compile Open SSH from source using the Open SSL Fips sources and "inherit" the Fips certification?
2) Has anybody compiled Open SSH using the Fips Open SSL sources and can they give me any pointers on how to do that?

Any data on the difficulty or time involved would be appreciated since I have to justify the final decision to
my $BOSS. I would be doing this on a Sun SPARC system running Solaris 10. I have access to both gcc and the
Sun Workshop compilers and would appreciate any insight on either or both.

TIA
Paul

Paul S. Hrolenok
Senior Consultant
ID Services Group
http://www.intelligent.net
Recognized on Washingtonian Magazine's 50 Great Places to Work list - 2009

[ reply ]
Re: Open SSH and FIPS 140-2 Nov 10 2010 04:49PM
AMuse (amuse foofus com) (1 replies)
Re: Open SSH and FIPS 140-2 Nov 10 2010 11:12PM
IBug_1 (ibug_1 comcast net)


 

Privacy Statement
Copyright 2010, SecurityFocus