- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- HP SSH and FIPS
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-26-2007 03:24 AM
тАО07-26-2007 03:24 AM
HP SSH and FIPS
- Tags:
- ssh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-26-2007 04:05 AM
тАО07-26-2007 04:05 AM
Re: HP SSH and FIPS
SSH is a port of openssh. http://www.openssh.org.
If openssh is FIPS compliant, so is HP's port.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-26-2007 05:02 AM
тАО07-26-2007 05:02 AM
Re: HP SSH and FIPS
I am just wonder if anyone else has run into this and whether they were able to find if it is compliant or not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-19-2007 12:59 AM
тАО09-19-2007 12:59 AM
Re: HP SSH and FIPS
We have a similar question regarding what version of OpenSSL on HP-UX 11.23 is FIPS compliant. Here's an answer we received from support.
Does anyone have any experience with this 1.1.1 version? Can it coexist with the current 0.9 version that ships with the OE? Or is it a wholesale upgrade?
Thanks in advance for your help!
===========================
emr_na-c00881524-1 -- Public
HP-UX - is HP's OpenSSL compliant with FIPS 140-2 versions?
ISSUE:
For HP-UX 11.11 systems, are OpenSSL versions A00.09.07e,i,l compliant with this FIPS (Federal Information Processing Standards) document:
FIPS PUB 140-2
Title: Security Requirements for Cryptographic Modules
available at:
http://csrc.nist.gov/cryptval/140-2.htm
SOLUTION:
As of the date of this writing, there is no FIPS 140-2 compliant version of HP's OpenSSL.
It is HP's understanding that FIPS implementation version 1.0 is no longer sanctioned by NIST (National Institute of Standards and Technology) as an official FIPS release. The 1.0 source appears to have been removed from the openssl.org repository. NIST apparently withdrew certification of 1.0 and will sanction FIPS 1.1 when it is available.
KEYWORDS:
-----------------------------------------------------------------------------------------------------------------
emr_na-c00868282-1 -- Public
HP-UX Openssl - is it certified for FIPS 140-2?
QUESTION:
Are any of the supported versions of HP-UX OpenSSL certified by HP to the FIPS 140-2 standard?
ANSWER:
NO. None of these versions of Openssl have been evaluated and certified by the HP OpenSSL Lab: 0.9.7e, 0.9.7i, 0.9.7l, 0.9.8d.
NOTE: The A.00.09.07i and A.00.09.07l releases from HP do supply some OpenSSL FIPS 1.0 files inside the source tar ball provided in the /opt/openssl/src directory. This source is supplied "as is" by HP. FIPS 1.0 is no longer maintained by OpenSSL. For that reason, the FIPS 1.0 files were removed from the 0.9.8d source tree.
OpenSSL.org has created a separate distribution of OpenSSL, called FIPS 1.1.1 it is in a separate source tree from the 0.9.x releases. For more information please look at these web sites:
http://www.oss-institute.org/
Click here for Open Source Software Institute: http://www.oss-institute.org/
http://www.openssl.org/docs/fips/
Click here for OpenSSL FIPS: http://www.openssl.org/docs/fips/
http://www.openssl.org/source/
Click here for OpenSSL Source: http://www.openssl.org/source/
HP Openssl documentation is available at HP's Internet and Security site:
http://www.docs.hp.com/en/internet.html
Click here for Internet and Security Solutions: http://www.docs.hp.com/en/internet.html
HP Openssl software is available at HP's software depot site.
http://software.hp.com
Click here for the Software Depot: http://software.hp.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-19-2007 01:03 AM
тАО09-19-2007 01:03 AM
Re: HP SSH and FIPS
It appears that there is a FIPS compliant module approved by NIST.
Does anyone have experience with this? Thanks!
http://csrc.nist.gov/cryptval/140-1/1401val2007.htm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2007 04:51 AM
тАО09-20-2007 04:51 AM
Re: HP SSH and FIPS
This document indicates that the FIPS module can be used by OpenSSL version 0.9.7m and above. Unfortunately, the latest version I see on the HP SW Depot is 0.9.7L.
Anyone know if HP plans to support a newer version of OpenSSL anytime soon? Or is anyone using a newer version of OpenSSL on HP-UX 11.23?
Cheers,
Darren
===============================
The FIPS object module provides an API for invocation of FIPS approved cryptographic functions
from calling applications, and is designed for use in conjunction with standard OpenSSL 0.9.7
distributions beginning with 0.9.7m. These recent full OpenSSL source distributions support the
original nonFIPS
API as well as a FIPS mode in which the FIPS approved algorithms are
implemented by the FIPS object module and nonFIPS
approved algorithms other than DH are
disabled by default.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-24-2007 03:20 AM
тАО09-24-2007 03:20 AM
Re: HP SSH and FIPS
"I was notified today that the port of OpenSSL 0.9.7m is slated to be made available at http://software.hp.com in "Mid October". My advice would be start checking on the 10th. The current link for OpenSSL in that site is: http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I"