[ssh_x509] X.509 certificates support version 7.7

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sat Nov 9 23:12:46 EET 2013


Dear All,


Version 7.6 is now available for download with following updates

- based on OpenSSH version 6.4p1
   See OpenSSH security advisory: gcmrekey.adv.

- allow use of internal AES-CTR in FIPS mode
   This will allow use of AES-CTR in FIPS on systems where AES-CRT in 
not available. For instance systems with custom FIPS validated OpenSSL 
based on 1.0.0.

- build with kerberos enabled openssl
   Kerberos support is not enabled by default and if is not explicitly 
requested
(--with-kerberos5) at configure time build fail if openssl support kerberos.
   Now users could build ssh either with or without kerberos support.
   In addition dependency of ssl library for some executable, like 
ssh-keygen was removed. Remark: ssl library is required if OCSP is enabled.

- basic support for certificate chain
   Preparation of code for keys format described in RFC6187 .


Yours sincerely,
Roumen Petrov




More information about the ssh_x509 mailing list