[ssh_x509] ssh handshake failed in FIPS mode

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu May 16 22:01:25 EEST 2019


Hi,

I did some tests, and it seems to me that support for "x509v3-rsa2048-sha256" 
algorithms will be based on the attached experimental patch 
"0002-TESTING-x509v3-rsa2048-sha256.patch"

Remarks:
- registration requires explicitly setting the signature name: 
...ssh_add_x509key_alg("x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256") 
....  (*)
- setting p->type = KEY_X509_RSA; is for pre-12.0 (not tested)


(*)
The daemon was run with "AcceptedAlgorithms=x509v3-rsa2048-sha256,rsa-sha2*" 
and an RSA+CERT host key, and third-party software accepts such a host key 
X.509 algorithm.


Regards,
Roumen


