Is OpenSSH using OpenSSL to encrypt traffic? Or something else?
Asked
Active
Viewed 4.2k times
34
-
3This is not strictly a duplicate, however this earlier question is probably relevant to help explain the concepts. http://security.stackexchange.com/questions/1599/what-is-the-difference-between-ssl-vs-ssh-which-is-more-secure – Apr 29 '11 at 23:01
2 Answers
26
OpenSSH is a program depending on OpenSSL the library, specifically OpenSSH uses the libcrypto
part of OpenSSL.
Bruno Rohée
- 5,221
- 28
- 39
-
14It's worth mentioning that OpenSSH does not use the TLS protocol thats used for HTTPS etc. OpenSSH uses some of the OpenSSL cryptographic primatives. – JasperWallace Apr 22 '14 at 08:04
6
OpenSSH can be compiled without OpenSSL since 2014:
- http://it.slashdot.org/story/14/04/30/1822209/openssh-no-longer-has-to-depend-on-openssl
- http://marc.info/?l=openbsd-cvs&m=139879453001957&w=2
The author stated that this was in the making for a long time, but Heartbleed was likely the last straw.
Ciro Santilli OurBigBook.com
- 783
- 7
- 13