[Bug 3603] ssh clients can't communicate with server with default cipher when fips is enabled at server end

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Aug 18 11:28:11 AEST 2023


--- Comment #12 from Damien Miller <djm at mindrot.org> ---
Created attachment 3720
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3720&action=edit
runtime probing of ciphers

> You can try this in your setup as well, enable openssl fips in server, use 
> latest openssh server and try connecting from a client with no ciphers 
> mentioned.

ok, you're putting OpenSSL in FIPS mode and not patching OpenSSH.
You've then created a situation where the OpenSSL you're using is
behaving differently to the OpenSSL that OpenSSH was compiled with, and
currently OpenSSH is not in a position to detect this.

Changing this basically requires that OpenSSH do runtime probing of all
cryptography to see whether something has changed underneath it.

This patch is an example of how we might approach this. Maybe it helps
your case? It certainly isn't complete - we'd need to do effectively
the same thing for MACs, public key algorithms and key agreement
algorithms too since I bet some of those could be disabled by OpenSSL's
FIPS support too. The patch could probably be simplified if there's a
simpler way to query whether OpenSSL supports a particular algorithm.

In the meantime, if you're changing your crypto library to disable
particular algorithms, then you need to *manually* change your
ssh_config and sshd_config to match.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list