[ssh_x509] ssh handshake failed in FIPS mode

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Fri Jul 19 12:28:35 EEST 2019


Hi

  In continuation of this, we have one more requirement. What happens
is - we need to support both algorithms:

>>>>>>
PubkeyAlgorithms x509v3-sign-rsa
X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1

and
PubkeyAlgorithms x509v3-rsa2048-sha256
X509KeyAlgorithm x509v3-rsa2048-sha256,rsa2048-sha256
<<<<<<

Is there any way we can achieve this?

Thanks
GKS

On Fri, 17 May 2019 at 00:31, <ssh_x509 at roumenpetrov.info> wrote:
>
> Hi,
>
> I did some tests and it seems to me that support for "x509v3-rsa2048-sha256"
> algorithms will be based on the attached experimental patch
> "0002-TESTING-x509v3-rsa2048-sha256.patch"
>
> Remarks:
> - registration requires explicit set of signature name:
> ...ssh_add_x509key_alg("x509v3-rsa2048-sha256,rsa2048-sha256,rsa2048-sha256")
> ....  (*)
> - set of p->type = KEY_X509_RSA; is for pre 12.0 (not tested)
>
>
> (*)
> Daemon was run with "AcceptedAlgorithms=x509v3-rsa2048-sha256,rsa-sha2*"
> and RSA+CERT host key and third party software accepts such host key
> X.509 algorithm.
>
>
> Regards,
> Roumen
>
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info


