Debian considers switching curl to use libssh instead of libssh2
daniel at haxx.se
Fri Dec 31 14:54:49 CET 2021
On Fri, 31 Dec 2021, Andreas Schneider wrote:
> * Use only crypto from a FIPS certified library (e.g. OpenSSL).
> libssh2 doesn't do that yet.
When libssh2 uses OpenSSL for crypto, what else does libssh2 use for crypto
then that makes it not adhere?
> * Zero sensitive data before freeing it
I don't think that's a FIPS requirement?
BTW, libssh2 can also build with wolfSSL, which is FIPS ready.
More information about the libssh2-devel