Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.

OpenSSH No Longer has to Depend on OpenSSL

posted by janrinok on Thursday May 01 2014, @12:14PM   Printer-friendly
from the its-progress dept.

cnst writes:

What has been planned for a long time now, prior to the infamous heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality - with the help of some recently adopted crypto from DJ Bernstein. OpenSSH now finally has a compile-time option to no longer depend on OpenSSL, the option `make OPENSSL=no` has now been introduced for a reduced-configuration OpenSSH to be built without OpenSSL.

The result would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys.

[Editor's Note: This appears to be very much a Work-in-Progress, so might not be available for your distro or via standard repositories.]

 
This discussion has been archived. No new comments can be posted.
OpenSSH No Longer has to Depend on OpenSSL | Log In/Create an Account | Top | 14 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Foobar Bazbot on Thursday May 01 2014, @12:41PM

    by Foobar Bazbot (37) on Thursday May 01 2014, @12:41PM (#38463) Journal

    I wonder how this will compare to dropbear for mobile/embedded use. Probably bigger binary than dropbear, but with more features (e.g. SOCKS forwarding), and still lighter than the "normal" openssl+openssh option; sounds like a nice compromise.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2