On Fri, 2020-05-08 at 16:33 +0530, jijo thomas wrote:
> Hi,
>
> 1) Is the libssh 0.9.4 FIPS compliance valid if I use libssh +
> openssl?

FIPS is more complicated than saying that a particular version is or is not FIPS compliant. Libssh 0.9.4 has all the bits to be FIPS compliant if it is built and used against the openssl FIPS module with the openssh KDF [1] (for example as part of RHEL8). In these conditions, libssh does not do any restricted cryptographic operations.

[1] https://github.com/openssl/openssl/pull/7290

Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
