What has been planned for a long time now, prior to the infamous Heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality - with the help of some recently adopted crypto from DJ Bernstein. OpenSSH finally has a compile-time option to no longer depend on OpenSSL: `make OPENSSL=no` has been introduced to build a reduced-configuration OpenSSH without OpenSSL.
The result would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys.
[Editor's Note: This appears to be very much a Work-in-Progress, so might not be available for your distro or via standard repositories.]
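Before moving a host to such a build, it helps to know which configured algorithms fall outside the reduced set listed above. The following is an added example, not code from the OpenSSH project or the original story; the algorithm identifiers are an assumed mapping of the summary's prose to OpenSSH wire names, and the sample config is constructed.

```python
# Added example: audit ssh_config/sshd_config algorithm lists against the
# reduced set the summary describes for a build made with OPENSSL=no.
# Assumption: these identifiers are the editor's mapping of "AES-CTR",
# "chacha20+poly1305", "ECDH/curve25519" and "Ed25519" to OpenSSH names.
REDUCED_SET = {
    "ciphers": {"aes128-ctr", "aes192-ctr", "aes256-ctr",
                "chacha20-poly1305@openssh.com"},
    "kexalgorithms": {"curve25519-sha256@libssh.org"},
    "hostkeyalgorithms": {"ssh-ed25519"},
}

# Constructed sample input, not taken from a real host.
SAMPLE_CONFIG = """\
# legacy settings carried over from an older deployment
Ciphers aes256-ctr,aes128-cbc,chacha20-poly1305@openssh.com
KexAlgorithms=curve25519-sha256@libssh.org,diffie-hellman-group14-sha1
hostkeyalgorithms ssh-ed25519,ssh-rsa
MACs hmac-sha2-256
"""

def audit_config(text):
    """Return {keyword: [configured algorithms outside the reduced set]}."""
    findings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        # Keywords are case-insensitive; "Keyword=value" is also accepted.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword not in REDUCED_SET:
            continue                             # e.g. MACs: not covered here
        if value.startswith("-"):
            continue                             # "-list" removes algorithms
        names = [v.strip() for v in value.lstrip("+^").split(",")]
        outside = [n for n in names if n and n not in REDUCED_SET[keyword]]
        if outside:
            findings.setdefault(keyword, []).extend(outside)
    return findings

if __name__ == "__main__":
    for keyword, names in audit_config(SAMPLE_CONFIG).items():
        print(f"{keyword}: outside reduced set: {', '.join(names)}")
```

MACs are skipped because the summary does not say which remain in the reduced build.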
(Score: 2) by frojack on Friday May 02 2014, @12:18AM
I agree, it will be good to have the grown-ups in charge, and I'm betting every distribution switches to the new stack.
Crap code can come from a lot of different places, but it almost always hangs around due to being maintained too long by the people who wrote it originally.
Stuff that couldn't fail gets maintained to death, and all of a sudden moving data from one 2k buffer to another 2k buffer ends up being rewritten as a string operation where one or both arguments are not size checked. Shit like that happens all the time, and unless someone else looks at it, the patch goes in and sits there like a time bomb.
No, you are mistaken. I've always had this sig.