• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] Apple CoreCrypto FIPS Status
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] Apple CoreCrypto FIPS Status

  • Subject: Re: [Fed-Talk] Apple CoreCrypto FIPS Status
  • From: "Link, Peter R." <email@hidden>
  • Date: Tue, 05 Mar 2013 22:16:20 +0000
  • Thread-topic: [Fed-Talk] Apple CoreCrypto FIPS Status
When software is deprecated, it gives programmers time to re-code around it and/or users to find something else to use. Software deprecation is something that's normal in the software industry, not something Apple thought up. 


On Mar 5, 2013, at 2:05 PM, "Oliver, John N JR CTR SPAWARSYSCEN-PACIFIC, 53223"
 <email@hidden>
 wrote:

If it's deprecated, why is it still included, even in the latest release?

As someone else had mentioned, it sure looks like ssh is using it...

flamingo:~ joliver$ ssh -V
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011

We all know that one vector for security issues is old, unmaintained software left sitting around.  If it needs to stay, it should be updated.  If it isn't needed, it should be removed.



-----Original Message-----
From: Shawn Geddis [mailto:geddis@apple.com]
Sent: Tuesday, March 05, 2013 9:29 AM
To: Oliver, John N JR CTR SPAWARSYSCEN-PACIFIC, 53223
Cc: Apple Fed-Talk
Subject: Re: [Fed-Talk] Apple CoreCrypto FIPS Status

On Mar 5, 2013, at 12:06 PM, "Oliver, John N JR CTR SPAWARSYSCEN-PACIFIC, 53223" <email@hidden> wrote:

Actually, I was thinking more along the lines of, when is CoreCrypto going to be the default out-of-the-box?  When does the old OpenSSL go away?



OpenSSL was never the "default out-of-the-box" .
OpenSSL was deprecated in OS X 10.7

CoreCrypto / CoreCrypto Kernel is being validated for use under OS X 10.8
-- but was included in an earlier form (not to be validated) in OS X 10.7.

One correction I need to note from previous snippets for people is that...
. Heimdal Kerberos  in OS X 10.8.x does in fact use CoreCrypto, so will be covered by the validation as well.
-- It was an error of my email communication (copy/paste/fail to edit) previously.

- Shawn
________________________________________
Shawn Geddis   
Security Consulting Engineer
Apple Enterprise Division

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94551-0808
email@hidden



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >[Fed-Talk] Apple CoreCrypto FIPS Status (From: "Rowe, Walter" <email@hidden>)
 >Re: [Fed-Talk] Apple CoreCrypto FIPS Status (From: "Link, Peter R." <email@hidden>)
 >Re: [Fed-Talk] Apple CoreCrypto FIPS Status (From: "Link, Peter R." <email@hidden>)
 >Re: [Fed-Talk] Apple CoreCrypto FIPS Status (From: "Neely, Lee" <email@hidden>)

  • Prev by Date: Re: [Fed-Talk] Apple CoreCrypto FIPS Status
  • Next by Date: [Fed-Talk] FYI: DoD Consent Banner & User Agreements
  • Previous by thread: Re: [Fed-Talk] Apple CoreCrypto FIPS Status
  • Next by thread: Re: [Fed-Talk] Apple CoreCrypto FIPS Status
  • Index(es):
    • Date
    • Thread