- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: HP SSH and FIPS
Operating System - HP-UX
1752799
Members
6020
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-26-2007 03:24 AM
тАО07-26-2007 03:24 AM
HP SSH and FIPS
I am trying to determine if the SSH version for HP-UX 11.11 that is available from HP is FIPS 140-2 compliant.So far I have not be able to find anything to give me a definite answer one way or another. Any help will be appreciated.
- Tags:
- ssh
6 REPLIES 6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-26-2007 04:05 AM
тАО07-26-2007 04:05 AM
Re: HP SSH and FIPS
Shalom
SSH is a port of openssh. http://www.openssh.org.
If openssh is FIPS compliant, so is HP's port.
SEP
SSH is a port of openssh. http://www.openssh.org.
If openssh is FIPS compliant, so is HP's port.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-26-2007 05:02 AM
тАО07-26-2007 05:02 AM
Re: HP SSH and FIPS
Thanks. I see that it is a port of OpenSSH and from what I can find on oss-institute.org is that OpenSSH (or HP port of it) will be FIPS 140-2 compliant when built against the validated OpenSSL libraries and when appropriate application code is included to ensure that FIPS mode is activated and verified.
I am just wonder if anyone else has run into this and whether they were able to find if it is compliant or not.
I am just wonder if anyone else has run into this and whether they were able to find if it is compliant or not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-19-2007 12:59 AM
тАО09-19-2007 12:59 AM
Re: HP SSH and FIPS
Hi All-
We have a similar question regarding what version of OpenSSL on HP-UX 11.23 is FIPS compliant. Here's an answer we received from support.
Does anyone have any experience with this 1.1.1 version? Can it coexist with the current 0.9 version that ships with the OE? Or is it a wholesale upgrade?
Thanks in advance for your help!
===========================
emr_na-c00881524-1 -- Public
HP-UX - is HP's OpenSSL compliant with FIPS 140-2 versions?
ISSUE:
For HP-UX 11.11 systems, are OpenSSL versions A00.09.07e,i,l compliant with this FIPS (Federal Information Processing Standards) document:
FIPS PUB 140-2
Title: Security Requirements for Cryptographic Modules
available at:
http://csrc.nist.gov/cryptval/140-2.htm
SOLUTION:
As of the date of this writing, there is no FIPS 140-2 compliant version of HP's OpenSSL.
It is HP's understanding that FIPS implementation version 1.0 is no longer sanctioned by NIST (National Institute of Standards and Technology) as an official FIPS release. The 1.0 source appears to have been removed from the openssl.org repository. NIST apparently withdrew certification of 1.0 and will sanction FIPS 1.1 when it is available.
KEYWORDS:
-----------------------------------------------------------------------------------------------------------------
emr_na-c00868282-1 -- Public
HP-UX Openssl - is it certified for FIPS 140-2?
QUESTION:
Are any of the supported versions of HP-UX OpenSSL certified by HP to the FIPS 140-2 standard?
ANSWER:
NO. None of these versions of Openssl have been evaluated and certified by the HP OpenSSL Lab: 0.9.7e, 0.9.7i, 0.9.7l, 0.9.8d.
NOTE: The A.00.09.07i and A.00.09.07l releases from HP do supply some OpenSSL FIPS 1.0 files inside the source tar ball provided in the /opt/openssl/src directory. This source is supplied "as is" by HP. FIPS 1.0 is no longer maintained by OpenSSL. For that reason, the FIPS 1.0 files were removed from the 0.9.8d source tree.
OpenSSL.org has created a separate distribution of OpenSSL, called FIPS 1.1.1 it is in a separate source tree from the 0.9.x releases. For more information please look at these web sites:
http://www.oss-institute.org/
Click here for Open Source Software Institute: http://www.oss-institute.org/
http://www.openssl.org/docs/fips/
Click here for OpenSSL FIPS: http://www.openssl.org/docs/fips/
http://www.openssl.org/source/
Click here for OpenSSL Source: http://www.openssl.org/source/
HP Openssl documentation is available at HP's Internet and Security site:
http://www.docs.hp.com/en/internet.html
Click here for Internet and Security Solutions: http://www.docs.hp.com/en/internet.html
HP Openssl software is available at HP's software depot site.
http://software.hp.com
Click here for the Software Depot: http://software.hp.com
We have a similar question regarding what version of OpenSSL on HP-UX 11.23 is FIPS compliant. Here's an answer we received from support.
Does anyone have any experience with this 1.1.1 version? Can it coexist with the current 0.9 version that ships with the OE? Or is it a wholesale upgrade?
Thanks in advance for your help!
===========================
emr_na-c00881524-1 -- Public
HP-UX - is HP's OpenSSL compliant with FIPS 140-2 versions?
ISSUE:
For HP-UX 11.11 systems, are OpenSSL versions A00.09.07e,i,l compliant with this FIPS (Federal Information Processing Standards) document:
FIPS PUB 140-2
Title: Security Requirements for Cryptographic Modules
available at:
http://csrc.nist.gov/cryptval/140-2.htm
SOLUTION:
As of the date of this writing, there is no FIPS 140-2 compliant version of HP's OpenSSL.
It is HP's understanding that FIPS implementation version 1.0 is no longer sanctioned by NIST (National Institute of Standards and Technology) as an official FIPS release. The 1.0 source appears to have been removed from the openssl.org repository. NIST apparently withdrew certification of 1.0 and will sanction FIPS 1.1 when it is available.
KEYWORDS:
-----------------------------------------------------------------------------------------------------------------
emr_na-c00868282-1 -- Public
HP-UX Openssl - is it certified for FIPS 140-2?
QUESTION:
Are any of the supported versions of HP-UX OpenSSL certified by HP to the FIPS 140-2 standard?
ANSWER:
NO. None of these versions of Openssl have been evaluated and certified by the HP OpenSSL Lab: 0.9.7e, 0.9.7i, 0.9.7l, 0.9.8d.
NOTE: The A.00.09.07i and A.00.09.07l releases from HP do supply some OpenSSL FIPS 1.0 files inside the source tar ball provided in the /opt/openssl/src directory. This source is supplied "as is" by HP. FIPS 1.0 is no longer maintained by OpenSSL. For that reason, the FIPS 1.0 files were removed from the 0.9.8d source tree.
OpenSSL.org has created a separate distribution of OpenSSL, called FIPS 1.1.1 it is in a separate source tree from the 0.9.x releases. For more information please look at these web sites:
http://www.oss-institute.org/
Click here for Open Source Software Institute: http://www.oss-institute.org/
http://www.openssl.org/docs/fips/
Click here for OpenSSL FIPS: http://www.openssl.org/docs/fips/
http://www.openssl.org/source/
Click here for OpenSSL Source: http://www.openssl.org/source/
HP Openssl documentation is available at HP's Internet and Security site:
http://www.docs.hp.com/en/internet.html
Click here for Internet and Security Solutions: http://www.docs.hp.com/en/internet.html
HP Openssl software is available at HP's software depot site.
http://software.hp.com
Click here for the Software Depot: http://software.hp.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-19-2007 01:03 AM
тАО09-19-2007 01:03 AM
Re: HP SSH and FIPS
Item 733: Open Source Software Institute
It appears that there is a FIPS compliant module approved by NIST.
Does anyone have experience with this? Thanks!
http://csrc.nist.gov/cryptval/140-1/1401val2007.htm
It appears that there is a FIPS compliant module approved by NIST.
Does anyone have experience with this? Thanks!
http://csrc.nist.gov/cryptval/140-1/1401val2007.htm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2007 04:51 AM
тАО09-20-2007 04:51 AM
Re: HP SSH and FIPS
http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf
This document indicates that the FIPS module can be used by OpenSSL version 0.9.7m and above. Unfortunately, the latest version I see on the HP SW Depot is 0.9.7L.
Anyone know if HP plans to support a newer version of OpenSSL anytime soon? Or is anyone using a newer version of OpenSSL on HP-UX 11.23?
Cheers,
Darren
===============================
The FIPS object module provides an API for invocation of FIPS approved cryptographic functions
from calling applications, and is designed for use in conjunction with standard OpenSSL 0.9.7
distributions beginning with 0.9.7m. These recent full OpenSSL source distributions support the
original nonFIPS
API as well as a FIPS mode in which the FIPS approved algorithms are
implemented by the FIPS object module and nonFIPS
approved algorithms other than DH are
disabled by default.
This document indicates that the FIPS module can be used by OpenSSL version 0.9.7m and above. Unfortunately, the latest version I see on the HP SW Depot is 0.9.7L.
Anyone know if HP plans to support a newer version of OpenSSL anytime soon? Or is anyone using a newer version of OpenSSL on HP-UX 11.23?
Cheers,
Darren
===============================
The FIPS object module provides an API for invocation of FIPS approved cryptographic functions
from calling applications, and is designed for use in conjunction with standard OpenSSL 0.9.7
distributions beginning with 0.9.7m. These recent full OpenSSL source distributions support the
original nonFIPS
API as well as a FIPS mode in which the FIPS approved algorithms are
implemented by the FIPS object module and nonFIPS
approved algorithms other than DH are
disabled by default.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-24-2007 03:20 AM
тАО09-24-2007 03:20 AM
Re: HP SSH and FIPS
Looks like the "M" version will be released in mid October 2007. Per HP Support:
"I was notified today that the port of OpenSSL 0.9.7m is slated to be made available at http://software.hp.com in "Mid October". My advice would be start checking on the 10th. The current link for OpenSSL in that site is: http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I"
"I was notified today that the port of OpenSSL 0.9.7m is slated to be made available at http://software.hp.com in "Mid October". My advice would be start checking on the 10th. The current link for OpenSSL in that site is: http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I"
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP