Kerberos 1.9, can it be compiled to use OpenSSL .9.8 (FIPS140-2)?

Tom Yu tlyu at MIT.EDU
Tue Jan 11 18:03:45 EST 2011

wollman at (Garrett Wollman) writes:

> In article <mailman.4.1294780153.4933.kerberos at>,
> Tom Yu  <tlyu at MIT.EDU> wrote:
>>It's a known issue due to the use of the CTS mode API that is only
>>present in OpenSSL >=1.0:
> Just to make sure that I understand correctly: 1.8 and earlier
> implemented CTS mode internally, and this code was ripped out in 1.9
> in favor of the implementation in OpenSSL 1.0?

No.  The krb5-1.8 code has the same limitation of requiring the
OpenSSL >= 1.0 implementation of CTS mode.

More information about the Kerberos mailing list