Re: SSL version used ?

---

• From: Craig Morrison <craigmorrison@xxxxxxxxxxxxx>
• Date: Fri, 09 Jun 2006 14:10:14 -0400

---

Simon Tatham wrote:

Darren Tucker <dtucker@xxxxxxxxxx> wrote:

For comparison: PuTTY is the only implementation that springs to mind
which has its both its own crypto implementations and source readily
available. They are mostly (entirely? I didn't check them all) in
portable C.

They should all be, although our definition of `portable' may differ
from yours - it wouldn't surprise me to learn that OpenSSH compiled
on some platform or other that nobody had ever tried PuTTY on. (Or,
conceivably, vice versa.) In particular, we have no interest in
platforms with 16-bit ints (I don't know whether you do).

1398 sshprime.c
103 sshrsag.c

(These two are only used in PuTTYgen; if you intended to include key
generation code as well then you missed sshdssg.c, although it's
only about the same size as sshrsag.c.)

OpenSSL has optimized assembler versions for many platforms, crypto hardware
support (including smartcards), it already exists, it's widely tested...

And my understanding is that it, or some version of it, has been
FIPS 140-2 certified, which our crypto hasn't. Someone in the US
government was recently seriously suggesting building a version of
PuTTY with all our crypto replaced with calls to OpenSSL (!), so
that it would be usable under US government software certification
regulations...

A bit off topic, I know..

Simon, please consider keeping things the way they are.. If this is a must, please make it a compile time option.

PuTTY and friends rock, let's keep the boat stable. :-)

FWIW, I manage 3 mixed OS networks over a VPN using PuTTY (et al) and it works flawlessly. So I have a vested interest in the way things work now.

Craig
.

---

• Follow-Ups:
  • Re: SSL version used ?
    • From: Simon Tatham

• References:
  • SSL version used ?
    • From: astalavista
  • Re: SSL version used ?
    • From: Jacob Nevins
  • Re: SSL version used ?
    • From: Nico Kadel-Garcia
  • Re: SSL version used ?
    • From: Darren Tucker
  • Re: SSL version used ?
    • From: Simon Tatham

• Prev by Date: Anyone got the SSH Session Loging patch to work under AIX 5.2?
• Next by Date: Re: SSL version used ?
• Previous by thread: Re: SSL version used ?
• Next by thread: Re: SSL version used ?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: SSL version used ? ... on some platform or other that nobody had ever tried PuTTY on. ... FIPS 140-2 certified, which our crypto hasn't. ... PuTTY with all our crypto replaced with calls to OpenSSL, ... that it would be usable under US government software certification ... (comp.security.ssh) Re: SECURITY UPDATE: PuTTY version 0.57 is released ... THE Simon Tatham:) ... PuTTY version 0.57 is released ... > This version fixes a security hole in previous versions of PuTTY, ... (comp.security.ssh) Re: ssh tunnel, windowless-- possible in puTTY? ... In article Simon Tatham ... >> Using puTTY to set up the connection, is there any way to tell it to ... >> NOT display any terminal window? ... (comp.security.ssh) PuTTY 0.54 is released: SFTP UNIX port supports reput/reget? ... > From: Simon Tatham ... > Subject: PuTTY 0.54 is released ... > is that there is now a Unix version of most of the PuTTY utilities: ... (comp.security.ssh)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2006-06