Hi, +-From: Scott Smith <sc...@smithdomain.com> -- |_Date: Sat, 14 Mar 2015 10:58:06 -0500 ______ | |Yes, that works on Java8, I can now access the FIPS-mode server using |diffie-hellman-group-exchange-sha1 . |But it still fails on Java7, I assume because it can not generate keys > |1024?
For a long time, Sun(and Oracle)'s default JCE provider had not supported the long key for DH. It may be worth trying other JCE provider like BouncyCastle on Java7. |Does this mean it will be hopeless to use JSch to connect to a FIPS-mode |server on Java7 (that's mostly all I have here)? Does FIPS mode allow to use ecdh-sha2-nistp*? We have succeeded to support ECC(Elliptic Curve Cryptography)[1] defined in RFC5656[2], and that functionality will be available on Java7. If you are interested in it, try http://www.jcraft.com/jsch/jsch-0.1.52-rc24.zip [1] https://twitter.com/ymnk/status/570116671899185152 [2] http://tools.ietf.org/html/rfc5656 Sincerely, -- Atsuhiko Yamanaka JCraft,Inc. 1-14-20 HONCHO AOBA-KU, SENDAI, MIYAGI 980-0014 Japan. Tel +81-22-723-2150 Skype callto://jcraft/ Twitter: http://twitter.com/ymnk Facebook: http://facebook.com/aymnk ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ JSch-users mailing list JSch-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jsch-users
