SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    OpenSSH No Longer has to Depend on OpenSSL
Date    Thursday May 01 2014, @12:14PM
Author    janrinok
from the its-progress dept.
https://soylentnews.org/article.pl?sid=14/05/01/0859247

cnst writes:

What has been planned for a long time now, prior to the infamous Heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality - with the help of some recently adopted crypto from DJ Bernstein. OpenSSH now finally has a compile-time option to no longer depend on OpenSSL: the option `make OPENSSL=no` has now been introduced for a reduced-configuration OpenSSH to be built without OpenSSL.

The result would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys.

[Editor's Note: This appears to be very much a Work-in-Progress, so might not be available for your distro or via standard repositories.]

Links

  1. "cnst" - http://cnst.su/
  2. "planned for a long time now" - https://twitter.com/damienmiller/status/428354975480045568
  3. "now officially a reality" - http://article.gmane.org/gmane.os.openbsd.cvs/130612
  4. "a compile-time option" - http://bxr.su/OpenBSD/usr.bin/ssh/Makefile.inc
  5. "now been introduced" - https://twitter.com/damienmiller/status/461373341538852864
  6. "would leave you" - https://twitter.com/damienmiller/status/461373493511065601
  7. "AES-CTR" - http://bxr.su/OpenBSD/usr.bin/ssh/cipher-aesctr.c
  8. "chacha20+poly1305" - http://bxr.su/OpenBSD/usr.bin/ssh/cipher-chachapoly.c
  9. "ciphers" - http://bxr.su/OpenBSD/usr.bin/ssh/cipher.c#ciphers
  10. "ECDH/curve25519 key exchange" - http://bxr.su/OpenBSD/usr.bin/ssh/kexc25519c.c
  11. "Ed25519 public keys" - http://bxr.su/OpenBSD/usr.bin/ssh/ssh-ed25519.c
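
The reduced algorithm set described in the summary matters operationally: a configuration that pins anything else will not negotiate with such a build. The script below is an added example, not code from the article or from OpenSSH; it audits config text for algorithms outside that set, and the mapping of the article's families to OpenSSH identifier names, the function names and the sample config are assumptions made for illustration. It handles plain comma-separated lists only.

```shell
#!/bin/sh
# Added example: audit ssh_config/sshd_config-style text for algorithms
# outside the reduced set the article lists for a build without OpenSSL.
# Assumption: the identifier names below are OpenSSH's standard names for
# those families; the article itself names only the families.

# in_reduced_set KIND NAME -> exit 0 if NAME belongs to the reduced set.
in_reduced_set() {
    case "$1:$2" in
        cipher:aes128-ctr|cipher:aes192-ctr|cipher:aes256-ctr) return 0 ;;
        cipher:chacha20-poly1305@openssh.com) return 0 ;;
        kex:curve25519-sha256@libssh.org) return 0 ;;
        key:ssh-ed25519) return 0 ;;
    esac
    return 1
}

# audit_config: read config text on stdin and print "Directive name" for
# every listed algorithm outside the reduced set. Prints nothing when clean.
audit_config() {
    while read -r directive value _; do
        case "$(printf '%s' "$directive" | tr '[:upper:]' '[:lower:]')" in
            ciphers) kind=cipher ;;
            kexalgorithms) kind=kex ;;
            hostkeyalgorithms) kind=key ;;
            *) continue ;;   # comments and unrelated directives
        esac
        old_ifs=$IFS; IFS=,   # split the value on commas only
        for name in $value; do
            in_reduced_set "$kind" "$name" || printf '%s %s\n' "$directive" "$name"
        done
        IFS=$old_ifs
    done
}

# Constructed sample input (not from the article).
sample_config() {
    cat <<'EOF'
# constructed sshd_config fragment
Ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group14-sha1
HostKeyAlgorithms ssh-ed25519,ssh-rsa
EOF
}

sample_config | audit_config
```

Run against a real file with `audit_config < /etc/ssh/sshd_config`; each output line names a directive and an algorithm that a peer built this way would not offer.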


printed from SoylentNews, OpenSSH No Longer has to Depend on OpenSSL on 2025-03-23 16:50:55