Debian considers switching curl to use libssh instead of libssh2
Andreas Schneider
asn at cryptomilk.org
Fri Dec 31 13:16:22 CET 2021
On Friday, December 31, 2021 12:27:26 PM CET Daniel Stenberg wrote:
> > c) FIPS readiness
>
> How is libssh more ready for FIPS than libssh2?
The easiest way is to pay a company which does FIPS certification to check the
source code for you and produce a list of things which need to be addressed in
order to be FIPS ready.
From the checklist for FIPS, just out of my head:
* Use only crypto from a FIPS certified library (e.g. OpenSSL).
libssh2 doesn't do that yet.
* Zero sensitive data before freeing it
* Test that it actually works in FIPS mode
Cheers
Andreas
--
Andreas Schneider asn at cryptomilk.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
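
The "zero sensitive data before freeing it" item from the checklist above, shown as an added C example; it is not part of the original e-mail and is not code from libssh or libssh2. The helper names `secure_wipe`, `secret_alloc`, `secret_len` and `secret_free` are hypothetical, and the length-prefixed allocation is one possible design, assumed here so the free path always knows how many bytes to clear.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helpers. A header sits in front of every secret so the free
 * path knows how much to wipe; the union forces suitable alignment. */
typedef union {
    size_t len;
    long double align_ld;
    void *align_ptr;
} secret_hdr;

/* Wipe through a volatile pointer: a plain memset() right before free() is a
 * dead store that the optimizer is allowed to remove. */
void secure_wipe(void *p, size_t len)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--)
        *vp++ = 0;
}

/* Allocate len bytes for key material; NULL on failure or size overflow. */
void *secret_alloc(size_t len)
{
    if (len > SIZE_MAX - sizeof(secret_hdr))
        return NULL;
    secret_hdr *h = calloc(1, sizeof(secret_hdr) + len);
    if (h == NULL)
        return NULL;
    h->len = len;
    return h + 1;
}

/* Length recorded for a buffer returned by secret_alloc(). */
size_t secret_len(const void *p)
{
    return ((const secret_hdr *)p - 1)->len;
}

/* Zero the secret and its header, then release it. NULL is a no-op. */
void secret_free(void *p)
{
    if (p == NULL)
        return;
    secret_hdr *h = (secret_hdr *)p - 1;
    secure_wipe(h, sizeof(secret_hdr) + h->len);
    free(h);
}
```

Where the platform provides `explicit_bzero()` or C11 Annex K `memset_s()`, either can replace the loop in `secure_wipe()`.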