-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-10.0.beta
-
openssh-9.9p1-1.el10
-
No
-
Low
-
1
-
sst_security_crypto
-
ssg_security
-
9
-
12
-
0.3
-
False
-
-
No
-
Crypto24Q4
-
-
Pass
-
Needed
-
Automated
-
Release Note Not Required
-
-
All
-
None
What were you trying to do that didn't work?
Please provide the package NVR for which the bug is seen:
openssh-9.8p1-5.el10_fingertip.x86_64
How reproducible is this bug?:
always
Steps to reproduce
- run TC openssh/Sanity/use-advertised-algorithms in FIPS mode
- the phase 'Test that other kexes don't work for client' fails
Expected results
pass
Actual results
fail
Additional info: as we accepted and agreed behavior changes mentioned in CRYPTO-14982 seems that in FIPS mode when wrong KEX algo is specified the default list is not used
- links to
-
RHBA-2024:139872 openssh update