SoylentNews is people
SoylentNews
What has been planned for a long time now, prior to the infamous heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality - with the help of some recently adopted crypto from DJ Bernstein. OpenSSH now finally has a compile-time option to no longer depend on OpenSSL, the option `make OPENSSL=no` has now been introduced for a reduced-configuration OpenSSH to be built without OpenSSL.
The result would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys.
[Editor's Note: This appears to be very much a Work-in-Progress, so might not be available for your distro or via standard repositories.]
This discussion has been archived.
No new comments can be posted.
OpenSSH No Longer has to Depend on OpenSSL
|
Log In/Create an Account
| Top
| 14 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
You will be misunderstood by everyone.
(Score: 1) by cnst on Thursday May 01 2014, @02:04PM
But OpenSSH is not inventing their own crypto routines -- they're using those invented by DJB a couple of years back (and which have now been part of OpenSSH for a couple of months and two releases so far), instead of having to rely on the spaghetti that is OpenSSL.
(Score: 0) by Anonymous Coward on Friday September 12 2014, @04:22PM
95qcry cdzwvjvtxjbv [cdzwvjvtxjbv.com], [url=http://icrmeffnochz.com/]icrmeffnochz[/url], [link=http://fgmkpvgabhqj.com/]fgmkpvgabhqj[/link], http://piclrlcxvkpx.com/ [piclrlcxvkpx.com]