From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 73180 invoked by alias); 24 Jun 2019 18:50:43 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 73174 invoked by uid 89); 24 Jun 2019 18:50:42 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=1.3 required=5.0 tests=BAYES_50,HTML_MESSAGE,KAM_NUMSUBJECT autolearn=no version=3.3.1 spammy=certified, certification, sector, approved X-HELO: mail.aacisd.com Received: from mail.aacisd.com (HELO mail.aacisd.com) (63.144.132.75) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 24 Jun 2019 18:50:40 +0000 From: "Pinzone, Gerard" To: "cygwin@cygwin.com" Subject: OpenSSH FIPS 140-2 Date: Mon, 24 Jun 2019 18:50:00 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-SW-Source: 2019-06/txt/msg00209.txt.bz2 I've been able to build OpenSSL 1.0.2 with FIPS support on Cygwin 32-bit an= d native Windows using Visual Studio. The 64-bit edition of Cygwin doesn't = build the FIPS module correctly. There is a workaround, but that workaround= invalidates the FIPS build requirements, thus the resulting binary will no= t be approved without a private certification that costs lots of $$$. I'd l= ike to get OpenSSH to work with the OpenSSL I've built under 32-bit Cygwin,= but that might require a custom build of OpenSSH. The latest Cygwin uses t= he newer 1.1.1 branch of OpenSSL, so I don't know if that will cause any co= mpatibility problems. Having a FIPS 140-2 OpenSSH on a Windows OS is important for those in the f= inancial and government sector. Microsoft's port of OpenSSH uses LibreSSL (= I think) and cannot be FIPS certified. It looks like Cygwin is our only hop= e. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple