[Bug 3603] ssh clients can't communicate with server with default cipher when fips is enabled at server end

bugzilla-daemon at mindrot.org
Thu Aug 17 18:59:56 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3603

--- Comment #2 from Shreenidhi Shedi <sshedi at vmware.com> ---
> Your server is lying about what ciphers it supports

This is the concern I have here. We are not explicitly setting these in
sshd_config and are using the defaults. Why does the default cipher list
show chacha20 when it does not support it?

Or is it the suggested method from upstream that all downstream
instances should set the cipher list explicitly, omitting chacha20, when
FIPS is enabled?

This list is coming from here:
https://github.com/openssh/openssh-portable/blob/master/myproposal.h#L59

I'm certain that we are not adding any cipher list explicitly.
