Kerberos 1.9, can it be compiled to use OpenSSL .9.8 (FIPS140-2)?
fuzzyhypothesis at yahoo.com
Tue Jan 11 16:30:59 EST 2011
That would be great (the patch that is). Thank you.
I have a feeling I will not be the only one asking about this as other folks
start looking to bump up from 1.8.x.
Especially since it doesn't look like OSF will get OpenSSL 1.0 FIPS approved any
> Problem is I want to use the FIPS-140-2 certified version of
> OpenSSL, which is currently at .9.8. Is there a different option to
> set this up that I am missing? Or is 1.9 only going to use OpenSSL
> 1.0 and up?
It's a known issue due to the use of the CTS mode API that is only
present in OpenSSL >=1.0:
It should be possible to implement CTS mode on top of the CBC mode of
OpenSSL 0.9.8. We would be happy to consider a patch. There may be
other dependencies on OpenSSL >=1.0 but that is the main one that I am
More information about the Kerberos