OpenSSH No Longer Has To Depend On OpenSSL

Posted by Soulskill on Wednesday April 30, 2014 @07:27AM from the like-independence-day,-but-for-communications-protocols dept.

ConstantineM writes: "What has been planned for a long time now, prior to the infamous heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality — with the help of some recently adopted crypto from DJ Bernstein, OpenSSH now finally has a compile-time option to no longer depend on OpenSSL. `make OPENSSL=no` has now been introduced for a reduced configuration OpenSSH to be built without OpenSSL, which would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys."

1 of 144 comments (clear)

Min score:

Reason:

Sort:

Re:Vetting the replacement libraries? by chriscappuccio · 2014-04-30 09:35 · Score: 5, Informative

There are no replacement libraries. The ED25519, ECDH, ChaCha20 and AES-CTR code is all part of OpenSSH itself. And the code is very, very tight and compact and very easy to audit. Entirely the opposite of OpenSSL!!!