[jira] [Created] (GUACAMOLE-2012) SSH connection fails when a FIPS server offers AES-GCM cipher suites only

Eugen Hartmann (Jira) Tue, 07 Jan 2025 08:51:05 -0800

Eugen Hartmann created GUACAMOLE-2012:
-----------------------------------------


             Summary: SSH connection fails when a FIPS server offers AES-GCM 
cipher suites only
                 Key: GUACAMOLE-2012
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-2012
             Project: Guacamole
          Issue Type: Bug
          Components: guacamole
    Affects Versions: 1.5.5
         Environment: FIPS 140-*
            Reporter: Eugen Hartmann


Both *guacmole-server* and the remote *sshd* environment are FIPS 140-*. 
Libssh2 error is LIBSSH2_ERROR_INVALID_MAC. The remote *sshd* error is:
{code:java}
Corrupted MAC on input. [preauth]{code}
The issue is solved by adding AES GCM ciphers to the FIPS cipher list.

 

 

Related: https://issues.apache.org/jira/browse/GUACAMOLE-1669

Libssh2 AES GCM: [https://github.com/libssh2/libssh2/issues/583]

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (GUACAMOLE-2012) SSH connection fails when a FIPS server offers AES-GCM cipher suites only

Reply via email to