Kerberos 1.9, can it be compiled to use OpenSSL .9.8 (FIPS140-2)?

Garrett Wollman wollman at
Tue Jan 11 18:30:23 EST 2011

In article <mailman.6.1294787028.4933.kerberos at>,
Tom Yu  <tlyu at MIT.EDU> wrote:
>> Just to make sure that I understand correctly: 1.8 and earlier
>> implemented CTS mode internally, and this code was ripped out in 1.9
>> in favor of the implementation in OpenSSL 1.0?
>No.  The krb5-1.8 code has the same limitation of requiring the
>OpenSSL >= 1.0 implementation of CTS mode.

OK, I think I understand.  This only matters if you configure with
--with-crypto-impl=openssl, right?

Garrett A. Wollman    | What intellectual phenomenon can be older, or more oft
wollman at| repeated, than the story of a large research program
Opinions not shared by| that impaled itself upon a false central assumption
my employers.         | accepted by all practitioners? - S.J. Gould, 1993

More information about the Kerberos mailing list