Debian considers switching curl to use libssh instead of libssh2

Will Cosgrove will at panic.com
Tue Jan 4 18:05:05 CET 2022


We do zero some sensitive data, but could be reviewed for completeness.

Cheers,
Will


> On Jan 2, 2022, at 1:33 PM, Daniel Stenberg via libssh2-devel <libssh2-devel at lists.haxx.se> wrote:
> 
> On Sun, 2 Jan 2022, Andreas Schneider wrote:
> 
>> FIPS 140-2: 4.7.6 Key Zeroization
> 
> The cryptographic module must do this, yes (apparently also according to 140-3 which is the current FIPS version). It just confuses me, since libssh2 isn't a crypto module. Clearly there are details here I'm not educated in. I'll just leave it.



More information about the libssh2-devel mailing list