Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-58986

investigate bug in openssh/Sanity/use-advertised-algorithms in FIPS

XMLWordPrintable

    • openssh-9.9p1-1.el10
    • No
    • Low
    • 1
    • sst_security_crypto
    • ssg_security
    • 9
    • 12
    • 0.3
    • False
    • Hide

      None

      Show
      None
    • No
    • Crypto24Q4
    • Release Note Not Required
    • All
    • None

      What were you trying to do that didn't work?

      Please provide the package NVR for which the bug is seen:

      openssh-9.8p1-5.el10_fingertip.x86_64

      How reproducible is this bug?:

      always

      Steps to reproduce

      1. run TC openssh/Sanity/use-advertised-algorithms in FIPS mode
      2. the phase 'Test that other kexes don't work for client' fails
      3.  

      Expected results

      pass

      Actual results

      fail

      Additional info: as we accepted and agreed behavior changes mentioned in CRYPTO-14982 seems that in FIPS mode when wrong KEX algo is specified the default list is not used

            dbelyavs@redhat.com Dmitry Belyavskiy
            rh-ee-mbezokon Miluse Bezo Konecna
            Dmitry Belyavskiy Dmitry Belyavskiy
            Miluse Bezo Konecna Miluse Bezo Konecna
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: