Debian considers switching curl to use libssh instead of libssh2

Daniel Stenberg daniel at
Fri Dec 31 14:54:49 CET 2021

On Fri, 31 Dec 2021, Andreas Schneider wrote:

> * Use only crypto from a FIPS certified library (e.g. OpenSSL).
>  libssh2 doesn't do that yet.

When libssh2 uses OpenSSL for crypto, what else does libssh2 use for crypto 
then that makes it not adhere?

> * Zero sensitive data before freeing it

I don't think that's a FIPS requirement?

BTW, libssh2 can also build with wolfSSL, which is FIPS ready.



More information about the libssh2-devel mailing list