On Wed, 12 Feb 2014, Hubert Kario wrote:

> The previous version did bind cipher to DH sizes so this expectation was
> met.

Yes, but using obsolete symmetric/DH group size equivalences.

> Problem is, that now when you're running in FIPS mode the chosen HMAC
> in worst case is sha1-based so the DH moduli end up being 7680 bits in
> size even when the selected cipher is 3DES:

Which is the correct recommended length for a 160-bit key according to
NIST.

(It's ironic that you're effectively arguing to ignore NIST advice to
make FIPS mode work)

> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
>
> as a result, connection to cryptlib server in FIPS mode doesn't work.

We can't help other broken implementations. Easy workarounds include
using ECDH and specifying explicit KexAlgorithms.

-d