[ssh_x509] PKIX-SSH release 13.3.1

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sat Mar 5 15:13:23 EET 2022

Dear list members,

New release is available for download. This release address mainly sandbox impact from use of poll/ppoll. It address compatibility issues with main point FIPS mode.

(x) Features:
* FIPS mode for OpenSSL 1.1
Vendor OpenSSL 1.1 release support FIPS. In addition rpm-spec files were updated to request more precisely FIPS related packages. In consequence FIPS build is enabled by default. Also FIPS tests are activated but errors are ignored for now.
Note if FIPS mode is not active it could be requests by environment variable OPENSSL_FIPS.

(x) Misc:
* selinux rules
   Enable 64-bit time ppoll and disable socket system calls in security-enhanced Linux.

* OS releases compatibility
   Updates to ensure functionality on "old" Linux. For instance rpm-spec files were updated to request package available in respective OS   release. LDAP tests use "hdb" backend on "old" Linux.

* cryptographic library compatibility
   Ensures work with ancient OpenSSL releases and OpenSSL compatible library.

* no DSA in pkcs11 Remove unfinished support for DSA keys in pkcs11.

Roumen Petrov

More information about the ssh_x509 mailing list