Mail Archives: cygwin/2019/06/24/14:51:35

X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=1.3 required=5.0 tests=BAYES_50,HTML_MESSAGE,KAM_NUMSUBJECT autolearn=no version=3.3.1 spammy=certified, certification, sector, approved
X-HELO: mail.aacisd.com
From: "Pinzone, Gerard" <GPinzone AT aaccorp DOT com>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject: OpenSSH FIPS 140-2
Date: Mon, 24 Jun 2019 18:50:37 +0000
Message-ID: <e5f252b902f04393b6d581eb28e655fe@aaccorp.com>
MIME-Version: 1.0
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id x5OIpHCl026945

I've been able to build OpenSSL 1.0.2 with FIPS support on Cygwin 32-bit and native Windows using Visual Studio. The 64-bit edition of Cygwin doesn't build the FIPS module correctly. There is a workaround, but that workaround invalidates the FIPS build requirements, thus the resulting binary will not be approved without a private certification that costs lots of $$$. I'd like to get OpenSSH to work with the OpenSSL I've built under 32-bit Cygwin, but that might require a custom build of OpenSSH. The latest Cygwin uses the newer 1.1.1 branch of OpenSSL, so I don't know if that will cause any compatibility problems.

Having a FIPS 140-2 OpenSSH on a Windows OS is important for those in the financial and government sector. Microsoft's port of OpenSSH uses LibreSSL (I think) and cannot be FIPS certified. It looks like Cygwin is our only hope.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


  Copyright © 2019   by DJ Delorie     Updated Jul 2019