File README.FIPS of Package openssh.295

SUSE OpenSSH comes with FIPS 140-2 support. There are two levels of FIPS mode
that the OpenSSH binaries support - "compatibility" and "full".

The "compatibility" mode is triggered when OpenSSL reports to be in its FIPS mode
itself. If that is the case non FIPS 140-2 cryptographic algorithms are
disabled. No other actions are taken.

In the "full" mode the binaries (ssh, sshd, sftp-server) perform FIPS mandatory
selfcheck and proceeds only when the checks succeed. The checks require the
cryptographic hashes contained in the openssh-fips package. The checks are
triggered in two ways - either

1) /proc/sys/crypto/fips_enabled contains a single character '1'; or

2) the environment variable SSH_FORCE_FIPS is set (to any value).
openSUSE Build Service is sponsored by