cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Curl sftp issue with fips enabled openssl

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Thu, 24 Jul 2014 22:37:49 +0200

On Thu, Jul 24, 2014 at 03:20:02PM +0000, Valluri, Sathish wrote:
> We are facing issue in curl sftp file transfer when FIPS mode is enabled in the
> openssl-1.0.0-20 version.

Is libssh2 using the FIPS version of OpenSSL as well?

>
> * Hostname was NOT found in DNS cache
>
> * Trying 10.31.252.180...
>
> * Connected to 10.31.252.180 (10.31.252.180) port 22 (#0)
>
> * Failure establishing ssh session
>
> * Closing connection 0
>
> * Hostname was NOT found in DNS cache
>
> * Trying 10.31.252.180...
>
> * Connected to 10.31.252.180 (10.31.252.180) port 22 (#0)
>
> * Failure establishing ssh session
>
> * Closing connection 0
>
> Error: Failed initialization
>
>
>
> Curl version : 7.37.1
>
> Libssh version used by curl : 1.4.3
>
> Openssl version : 1.0.0-20-fips
>
>
>
> If we disable fips in openssl our sftp with curl works properly.
>
>
> Can anyone have any suggestions on how to fix this initialization issue.

Disable FIPS? Just find some non-government work instead!

In the meantime, enable libssh2 verbose logging and see what it says.

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-24

This message: [ Message body ]
Next message: David Shaw: "NSS, CURLOPT_CAINFO, and using the NSS CAs"
Previous message: Dan Fandrich: "Re: Porting libcurl on embedded system with proprietary OS"
In reply to: Valluri, Sathish: "Curl sftp issue with fips enabled openssl"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]