[ssh_x509] ssh handshake failed in FIPS mode

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu May 16 22:01:25 EEST 2019


I did some test and it seems to me support for "x509v3-rsa2048-sha256" 
algorithms will be based on attached experimental patch 

- registration requires explicit set of signature name: 
....  (*)
- set of p->type = KEY_X509_RSA; is for pre 12.0 (not tested)

Daemon was run with "AcceptedAlgorithms=x509v3-rsa2048-sha256,rsa-sha2*" 
and RSA+CERT host key and third party software accepts such host key 
X.509 algorithm.


More information about the ssh_x509 mailing list