-
Bug
-
Resolution: Unresolved
-
Minor
-
rhel-7.9
-
None
-
None
-
FutureFeature
-
rhel-sst-cs-plumbers
-
ssg_core_services
-
3
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
None
-
None
-
-
x86_64
-
None
What were you trying to do that didn't work?
The customer is having an issue with curl `curl-7.29.0-59.el7_9.2.x86_64` where if they attempt to connect to a RHEL 9 machine who does not allow (SHA1) ciphers the client machine is not able to connect properly and returns with this error:
```
curl: (2) Failure establishing ssh session
```
This is the command the customer uses:
```
$ curl -v -k -u [USER] -T [FILE] sftp://[HOST]
```
In the host logs we see disconnects from SSHD:
`Received disconnect from [CLIENT] port [PORT]:11: Unsupported cipher [preauth]`
This issue is fixed by enabling the hosts to still use (SHA1), `# update-crypto-policies --set LEGACY`.
however, what is noticed that the Client machine is able to connect to the RHEL 9 machine without any issues using `SSH` or `SFTP` it only affects `curl`.
This issue does not replicate on RHEL 9 client machines connecting to RHEL 9 host machines.
Please provide the package NVR for which bug is seen:
This issue has been reproduced on multiple client machines running RHEL 7
Steps to reproduce
- Client machine connect to RHEL 9 machine via SFTP via curl.
Expected results
-
- Client Machine should be able to connect to RHEL 9 machine using newer ciphers (Excluding SHA1)*
Actual results
-
- Client machines using curl `curl-7.29.0-59.el7_9.2.x86_64` are having the cipher used by SFTP be rejected by RHEL 9 machine with DEFAULT `cipher` list.*